Cross-Site Scripting Vulnerability in LiteSpeed Web Server by LiteSpeed Technologies
CVE-2005-3695

Currently unrated

Key Information:

Vendor: Litespeed Technologies
Status: Litespeed Web Server
Vendor: CVE Published:; 20 November 2005

🔔 Create Litespeed Technologies Vulnerability Alert

What is CVE-2005-3695?

A Cross-site Scripting (XSS) vulnerability exists in the LiteSpeed Web Server 2.1.5, where insufficient validation of the 'm' parameter in admin/config/confMgr.php allows remote attackers to inject and execute arbitrary web scripts or HTML. This flaw may potentially compromise the security of affected systems by executing malicious scripts in the context of users who visit a compromised page. Proper input validation and sanitization practices are essential to mitigate such risks.

References

http://www.securiteam.com/unixfocus/6S00I1FEKY.html

x_refsource_MISC

http://www.securityfocus.com/bid/15485

vdb-entryx_refsource_BID

http://secunia.com/advisories/17587

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Nov 20, 2005
Vulnerability Reserved
Nov 20, 2005

JSON