CVE-2005-4239
Published 2005-12-14
CVE-2005-4239: Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php in PHP JackKnife 2.21 and earlier allows remote attackers to inject arbitrary web script…
Priority P4 · 18 · medium · 4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.75% (75.1th percentile)
Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php in PHP JackKnife 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via URL-encoded values in the sKeywords parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php_jackknife | php_jackknife | <= 2.21 | — |
| php_jackknife | php_jackknife | — | — |
GHSA
GHSA-c8f9-5w72-xw7p: Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to inject arbitrary web script or HTML via (1) the
ghsa_unreviewed·2022-05-01·CVSS 4.3
CVE-2007-3001 [MEDIUM] GHSA-c8f9-5w72-xw7p: Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to inject arbitrary web script or HTML via (1) the
Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to inject arbitrary web script or HTML via (1) the sUName parameter to UserArea/Authenticate.php, (2) the sAccountUnq parameter to UserArea/NewAccounts/index.php, or the (3) iCategoryUnq, (4) iDBLoc, (5) iTtlNumItems, (6) iNumPerPage, or (7) sSort parameter to G_Display.php, different vectors than CVE-2005-4239.
GHSA
GHSA-whrv-gm55-4x34: Cross-site scripting (XSS) vulnerability in Search/DisplayResults
ghsa_unreviewed·2022-05-01
CVE-2005-4239 [MEDIUM] GHSA-whrv-gm55-4x34: Cross-site scripting (XSS) vulnerability in Search/DisplayResults
Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php in PHP JackKnife 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via URL-encoded values in the sKeywords parameter.
No detection rules found.
No writeups or analysis indexed.
http://pridels0.blogspot.com/2005/12/php-jackknife-xss-vuln.html
http://secunia.com/advisories/18020
http://www.securityfocus.com/bid/15841
http://www.vupen.com/english/advisories/2005/2877
Published: 2005-12-14