Unrated severityNVD Advisory· Published Dec 31, 2005· Updated Apr 16, 2026

CVE-2005-4627

Description

Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite 1.0 through 1.0.4 and (2) GFHost 0.1.1 through 0.4.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter.

Affected products

Gfhost/Gfhost6 versions
cpe:2.3:a:gfhost:gfhost:0.1.1:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:gfhost:gfhost:0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:gfhost:gfhost:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:gfhost:gfhost:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:gfhost:gfhost:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:gfhost:gfhost:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:gfhost:gfhost:0.4.2:*:*:*:*:*:*:*
Gmailsite/Gmailsite5 versions
cpe:2.3:a:gmailsite:gmailsite:1.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:gmailsite:gmailsite:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:gmailsite:gmailsite:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gmailsite:gmailsite:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:gmailsite:gmailsite:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:gmailsite:gmailsite:1.0.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

foros.ojobuscador.com/tema1936.htmlnvdExploit
lostmon.blogspot.com/2005/12/gmailsite-variable-cross-site.htmlnvdExploitVendor Advisory
www.securityfocus.com/bid/16081nvdExploit
secunia.com/advisories/18155nvdVendor Advisory
www.osvdb.org/22083nvd
exchange.xforce.ibmcloud.com/vulnerabilities/23912nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000