CVE-2005-1030

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in Active Auction House allow remote attackers to inject arbitrary web script or HTML via the (1) ReturnURL, (2) password, (3) username parameter, (4) ReturnURL parameter to account.asp, (5) Table, (6) Title parameter to sendpassword.asp, or (7) itemid to watchthisitem.asp.

Reference

http://digitalparadox.org/advisories/aass.txt
http://marc.info/?l=bugtraq&m=111280834000432&w=2
http://secunia.com/advisories/14839
http://www.osvdb.org/15284
http://www.osvdb.org/15285
http://www.osvdb.org/15286
http://www.osvdb.org/15287
http://www.securityfocus.com/bid/13036
http://www.securityfocus.com/bid/13038
http://www.securityfocus.com/bid/13039
http://www.securitytracker.com/alerts/2005/Apr/1013649.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/19975

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-07-2017 - 01:32

Objavljeno

02-05-2005 - 04:00