{ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3955", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://retrogod.altervista.org/JAWS_062_sql.html", "refsource": "MISC", "url": "http://retrogod.altervista.org/JAWS_062_sql.html" }, { "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=1366743&group_id=127552&atid=708847", "refsource": "CONFIRM", "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1366743&group_id=127552&atid=708847" }, { "name": "jaws-magpieslashbox-xss(27337)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27337" }, { "name": "20842", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20842" }, { "name": "20150508 Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2015/May/35" }, { "name": "17741", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17741" }, { "name": "1015264", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015264" }, { "name": "http://www.jaws-project.com/index.php?blog/show/29", "refsource": "MISC", "url": "http://www.jaws-project.com/index.php?blog/show/29" }, { "name": "21113", "refsource": "OSVDB", "url": "http://www.osvdb.org/21113" }, { "name": "15555", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15555" }, { "name": "20060626 Jaws <= 0.6.2 'Search gadget' SQL injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438434/100/0/threaded" }, { "name": "21112", "refsource": "OSVDB", "url": "http://www.osvdb.org/21112" }, { "name": "ADV-2006-2546", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2546" }, { "name": "21643", "refsource": "OSVDB", "url": "http://www.osvdb.org/21643" }, { "name": "18665", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18665" } ] } }