CVE-2005-0870

Publication date 2 May 2005

Last updated 17 July 2025

Ubuntu priority

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
egroupware	7.04 feisty	Fixed 1.0.0.009.dfsg-3-4
	6.10 edgy	Fixed 1.0.0.009.dfsg-3-4
	6.06 LTS dapper	Fixed 1.0.0.009.dfsg-3-4
phpgroupware	7.04 feisty	Fixed 0.9.16.010-1
	6.10 edgy	Fixed 0.9.16.010-1
	6.06 LTS dapper	Fixed 0.9.16.010-1
phpsysinfo	7.04 feisty	Fixed 2.3-7
	6.10 edgy	Fixed 2.3-7
	6.06 LTS dapper	Fixed 2.3-7

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2005-0870