Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:716144
HistoryFeb 21, 2005 - 12:00 a.m.

Verity Ultraseek contains a cross-site scripting vulnerability in the processing of search requests

2005-02-2100:00:00
www.kb.cert.org
24

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.7%

JSON

Overview

Verity’s Ultraseek application contains a cross-site scripting vulnerability in the processing of search requests.

Description

Verity Ultraseek is a web site search engine application. Ultraseek contains a cross-site scripting vulnerability in the processing of search requests. More information about cross-site scripting can be found in CERT Advisory CA-2000-02.

Impact

An attacker may be able to obtain sensitive data from a web site that uses Ultraseek. Depending on the nature of the web site, this data may include passwords, credit card numbers, and any arbitrary information provided by the user. Likewise, information stored in cookies could be stolen or corrupted.

Solution

Install an update

According to Verity, this issue is resolved by upgrading to Ultraseek 5.3.3.

Vendor Information

716144

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Verity __ Affected

Notified: December 10, 2004 Updated: February 10, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Verity has indicated that a current support contract is required to download Ultraseek 5.3.3.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23716144 Feedback>).

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Michael Krax for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

CVE IDs: CVE-2005-0514
CERT Advisory: CA-2000-02 Severity Metric:

Related

nvd 1
cvelist 1
cve 1
nessus 1
openvas 1
nvd
nvd
CVE-2005-0514
2005-02-22 05:00:00
cvelist
cvelist
CVE-2005-0514
2005-02-23 05:00:00
cve
cve
CVE-2005-0514
2005-02-23 05:00:00
nessus
nessus
Verity Ultraseek Search Request XSS
2005-02-28 00:00:00
openvas
openvas
Verity Ultraseek search request XSS
2005-11-03 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.7%

JSON
Related for VU:716144
nvd1cvelist1cve1nessus1openvas1