CVE-2005-3851

Sažetak

Cross-site scripting (XSS) vulnerability in search.asp in Online Attendance System (OASYS) Lite 1.0 allows remote attackers to inject arbitrary web script or HTML via certain search parameters, possibly the keyword parameter.

Reference

http://pridels0.blogspot.com/2005/11/oasys-lite-10-searchasp-xss-vuln.html
http://secunia.com/advisories/17712
http://www.osvdb.org/21095
http://www.securityfocus.com/bid/15605
http://www.vupen.com/english/advisories/2005/2583

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

08-03-2011 - 02:27

Objavljeno

27-11-2005 - 11:03