Unrated severityNVD Advisory· Published May 16, 2005· Updated Apr 16, 2026

CVE-2005-1605

Description

Cross-site scripting (XSS) vulnerability in the guestbook for SiteStudio 1.6 allows remote attackers to inject arbitrary web script or HTML via the name field to (1) psoft.guestbook.GuestBookServ in Standalone Site Studio or (2) E-Guest_sign.pl in Integrated Site Studio with H-Sphere.

Affected products

Positive Software/Sitestudio2 versions
cpe:2.3:a:positive_software:sitestudio:1.6_final:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:positive_software:sitestudio:1.6_final:*:*:*:*:*:*:*
- cpe:2.3:a:positive_software:sitestudio:1.6_patch_1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

exploitlabs.com/files/advisories/EXPL-A-2005-008-sitestudio.txtnvdPatch
secunia.com/advisories/15286nvdPatch
www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0154.htmlnvdPatch
www.psoft.net/SS/ss_16_security_update_guestbook.htmlnvdPatch
www.psoft.net/misc/hsphere_winbox_security_update_guestbook.htmlnvdPatch
www.osvdb.org/16240nvd
www.securityfocus.com/bid/13554nvd
exchange.xforce.ibmcloud.com/vulnerabilities/20496nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000