Lucene search

[email protected]CVE-2004-2468

HistoryAug 20, 2005 - 4:00 a.m.

CVE-2004-2468

2005-08-2004:00:00

[email protected]

web.nvd.nist.gov

cve-2004-2468

cross-site scripting

xss

sillysearch

web script injection

html injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.7%

JSON

Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.

Affected configurations

NVD

Node

scripts_for_educatorssillysearchMatch2.3

CPENameOperatorVersion
scripts_for_educators:sillysearchscripts for educators sillysearcheq2.3

CPE	Name	Operator	Version
scripts_for_educators:sillysearch	scripts for educators sillysearch	eq	2.3

References

secunia.com/advisories/11260

www.osvdb.org/4755

www.securitytracker.com/alerts/2004/Mar/1009598.html

exchange.xforce.ibmcloud.com/vulnerabilities/15683

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.7%

JSON

Related for CVE-2004-2468

cvelist1 nvd1