CVE-2005-2416

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) term parameter to the search module or (2) title in the blog aggregation module.

Reference

http://marc.info/?l=bugtraq&m=112206702015439&w=2
http://secunia.com/advisories/16169
http://securitytracker.com/id?1014554
http://www.hardened-php.net/advisory_112005.59.html
http://www.osvdb.org/18168
http://www.osvdb.org/18169
http://www.securityfocus.com/bid/14352
https://exchange.xforce.ibmcloud.com/vulnerabilities/21484
https://exchange.xforce.ibmcloud.com/vulnerabilities/21487

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-07-2017 - 01:32

Objavljeno

03-08-2005 - 04:00