CVE-2005-3477
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2005-3477
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple interpretation error in the image upload handling code in Invision Gallery 2.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML or script in an image whose type does not match its extension, which is rendered by Internet Explorer due to CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in Invision Gallery.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Invision Gallery图像上传HTML注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Invision Gallery一个强大完整功能相册系统,简单易用。 Invision Gallery 2.0.3的图像上传处理代码中的多个解释错误,可让远程攻击者通过类型与扩展名不匹配的图像中的HTML或脚本来执行跨站脚本(XSS)攻击。注:有争议指出这是因为Internet Explorer的设计缺陷而造成的漏洞,在浏览器内作修复才是适当的解决方法;如果是这样,那么此问题不应视为Invision Gallery中的漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2005-3477
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2005-3477
请登录查看更多情报信息。
- http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0519.htmlmailing-listx_refsource_FULLDISC
- https://nvd.nist.gov/vuln/detail/CVE-2005-3477
Same Patch Batch · n/a · 2005-11-03 · 17 CVEs total
| CVE-2005-3483 | GraphOn GO-Global For Windows远程缓冲区溢出漏洞 | |
| CVE-2005-3484 | NeroNet目录遍历漏洞 | |
| CVE-2005-3485 | Glider Collect'n kill gl_playerEnter命令缓冲区溢出漏洞 | |
| CVE-2005-3486 | Scorched 3D多个格式化字符串漏洞 | |
| CVE-2005-3487 | Scorched 3D多个缓冲区溢出漏洞 | |
| CVE-2005-3488 | Scorched 3D ServerConnectHandler.cpp拒绝服务漏洞 | |
| CVE-2005-3472 | Sun Java System Communications Express信息泄露漏洞 | |
| CVE-2005-3473 | Simple PHP Blog多个跨站脚本漏洞 | |
| CVE-2005-3474 | Sony First4Internet XCP DRM中aries.sys驱动隐藏文件、进程、注册表漏洞 | |
| CVE-2005-3475 | Hasbani Web Server形态异常的HTTP GET请求远程拒绝服务漏洞 | |
| CVE-2005-3476 | HP OpenVMS未明的本地拒绝服务漏洞 | |
| CVE-2005-3478 | PHPCafe Tutorial Manager Index.PHP SQL注入漏洞 | |
| CVE-2005-3479 | Ringtail CaseBook中login.asp跨站脚本漏洞 | |
| CVE-2005-3480 | Ringtail CaseBook中login.asp用户名信息泄露漏洞 | |
| CVE-2005-3481 | Cisco IOS系统定时器堆溢出漏洞 | |
| CVE-2005-3482 | Cisco Airespace无线LAN控制器允许未加密网络访问漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
V. Comments for CVE-2005-3477
No comments yet