Unrated severityNVD Advisory· Published Oct 26, 2005· Updated Apr 16, 2026

CVE-2005-3308

Description

Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) comment parameter in detail.php, (3) the username parameter in get.php, and (4) the search parameter in index.php.

Affected products

Zomplog/Zomplog2 versions
cpe:2.3:a:zomplog:zomplog:3.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:zomplog:zomplog:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:zomplog:zomplog:3.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

securitytracker.com/alerts/2005/Oct/1015088.htmlnvdExploitVendor Advisory
secunia.com/advisories/17306/nvdVendor Advisory
marc.infonvd
www.osvdb.org/20253nvd
www.osvdb.org/20254nvd
www.osvdb.org/20255nvd
www.securityfocus.com/bid/15168nvd
exchange.xforce.ibmcloud.com/vulnerabilities/22828nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000