VYPR
Unrated severity · NVD Advisory · Published Oct 14, 2005 · Updated Apr 16, 2026

CVE-2005-3237


Description

Cross-site scripting (XSS) vulnerability in Cyphor 0.19 allows remote attackers to inject arbitrary web script or HTML via the t_login parameter of footer.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cyphor 0.19 contains a cross-site scripting vulnerability in footer.php via the t_login parameter, allowing remote attackers to inject arbitrary web script or HTML.

Vulnerability

Cyphor 0.19 is vulnerable to a reflected cross-site scripting (XSS) attack in the footer.php script. The t_login parameter is not properly sanitized before being output, allowing an attacker to inject arbitrary HTML or JavaScript [1][2]. This issue affects Cyphor version 0.19 and possibly earlier versions.

Exploitation

An attacker can exploit this vulnerability by crafting a malicious URL that includes a t_login parameter containing JavaScript code. No authentication is required. For example, the following request triggers the XSS: http://[target]/[path]/include/footer.php?t_login= [1]. The injected script executes in the context of the victim's browser when they visit the crafted link.

Impact

Successful exploitation allows an attacker to execute arbitrary JavaScript in the victim's browser. This can lead to session hijacking, cookie theft, or other malicious actions performed on behalf of the victim. Reference [1] notes that the attacker could potentially see clear-text passwords, indicating a risk of credential disclosure.

Mitigation

No official patch has been released for Cyphor 0.19. As a workaround, administrators should disable or sanitize the t_login parameter in footer.php or upgrade to a newer, patched version if available. Cyphor 0.19 is likely end-of-life, and no fix is documented in the provided references [1][2]. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
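
Since no patch is documented, log review is one way to spot the request pattern described under Exploitation. The following is an added example, not part of the advisory or of Cyphor's code: it scans web access-log lines for requests to include/footer.php whose t_login value decodes to HTML markup characters. The access-log format, the function names and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a common/combined access-log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Characters needed to break out into markup or an attribute value.
MARKUP_RE = re.compile(r'[<>"\']')
MAX_DECODE_ROUNDS = 3  # bounded, so double or triple percent-encoding is still caught

def fully_decode(value):
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_t_login(line):
    """Return the decoded t_login value if the line is a footer.php request
    carrying markup characters in t_login, otherwise None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith("/include/footer.php"):
        return None
    # parse_qs performs the first round of percent-decoding.
    for raw in parse_qs(url.query, keep_blank_values=True).get("t_login", []):
        value = fully_decode(raw)
        if MARKUP_RE.search(value):
            return value
    return None

def scan(lines):
    """Return (line_index, decoded_value) for every flagged line."""
    return [(i, v) for i, line in enumerate(lines)
            if (v := suspicious_t_login(line)) is not None]

# Constructed sample log lines (documentation IP range, hypothetical /forum path).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /forum/index.php HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /forum/include/footer.php?t_login=alice HTTP/1.1" 200 310',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /forum/include/footer.php?t_login=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 340',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /forum/include/footer.php?t_login=%253Cb%253Ex HTTP/1.1" 200 322',
]

if __name__ == "__main__":
    for index, value in scan(SAMPLE_LOG):
        print(f"line {index}: t_login decodes to {value!r}")
```

The check only covers parameters carried in the URL; a t_login value sent in a POST body does not appear in a standard access log.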

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

References

7
