Unrated severityNVD Advisory· Published Nov 29, 2005· Updated Apr 16, 2026

CVE-2005-3902

Description

Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in Virtual Hosting Control System (VHCS) 2.2.0 through 2.4.6.2 allows remote attackers to inject arbitrary web script or HTML via query strings that are included in an error message, as demonstrated using a parameter containing script.

Affected products

Virtual Hosting Control System/Virtual Hosting Control System4 versions
cpe:2.3:a:virtual_hosting_control_system:virtual_hosting_control_system:2.2:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:virtual_hosting_control_system:virtual_hosting_control_system:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:virtual_hosting_control_system:virtual_hosting_control_system:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:virtual_hosting_control_system:virtual_hosting_control_system:2.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:virtual_hosting_control_system:virtual_hosting_control_system:2.4.6.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.grok.org.uk/pipermail/full-disclosure/2005-November/039000.htmlnvdPatchVendor Advisory
moritz-naumann.com/adv/0006/vhcsxss/0006.txtnvdPatchVendor Advisory
secunia.com/advisories/17704/nvdPatchVendor Advisory
www.osvdb.org/21060nvdExploit
www.securityfocus.com/bid/15538nvdExploit
marc.infonvd
securityreason.com/securityalert/202nvd
exchange.xforce.ibmcloud.com/vulnerabilities/23209nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000