Unrated severityNVD Advisory· Published Oct 14, 2005· Updated Apr 16, 2026

CVE-2005-3200

Description

Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro (UNP) 1.1.3 and 1.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the sitetitle parameter in header.php and (2) the version and (3) query_count parameters in footer.php.

Affected products

Utopia Software/Utopia News Pro2 versions
cpe:2.3:a:utopia_software:utopia_news_pro:1.1.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:utopia_software:utopia_news_pro:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:utopia_software:utopia_news_pro:1.1.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/17115/nvdPatchVendor Advisory
www.securityfocus.com/bid/15027nvdExploit
marc.infonvd
rgod.altervista.org/utopia113.htmlnvd
securitytracker.com/idnvd
www.osvdb.org/19940nvd
www.osvdb.org/19941nvd
www.utopiasoftware.netnvd
exchange.xforce.ibmcloud.com/vulnerabilities/22554nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000