Lucene search

[email protected]CVE-2004-2566

HistoryNov 22, 2005 - 2:00 a.m.

CVE-2004-2566

2005-11-2202:00:00

[email protected]

web.nvd.nist.gov

security

vulnerability

xss

liveworld products

remote attackers

web script

html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.035 Low

EPSS

Percentile

91.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld products, possibly including (1) LiveForum, (2) LiveQ&A, (3) LiveChat, and (4) LiveFocusGroup, allow remote attackers to inject arbitrary web script or HTML via the q parameter in (a) search.jsp, (b) findclub!execute.jspa, and © search!execute.jspa.

Affected configurations

NVD

Node

liveworldlivechat

liveworldlivefocusgroup

liveworldliveforum

liveworldliveq_and_a

CPENameOperatorVersion
liveworld:livechatliveworld livechateq*
liveworld:livefocusgroupliveworld livefocusgroupeq*
liveworld:liveforumliveworld liveforumeq*
liveworld:liveq_and_aliveworld liveq and aeq*

CPE	Name	Operator	Version
liveworld:livechat	liveworld livechat	eq	*
liveworld:livefocusgroup	liveworld livefocusgroup	eq	*
liveworld:liveforum	liveworld liveforum	eq	*
liveworld:liveq_and_a	liveworld liveq and a	eq	*

References

archives.neohapsis.com/archives/bugtraq/2004-08/0326.html

securitytracker.com/id?1011036

www.gulftech.org/?node=research&article_id=00044-08232004

www.osvdb.org/9180

exchange.xforce.ibmcloud.com/vulnerabilities/17104

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.035 Low

EPSS

Percentile

91.5%

JSON

Related for CVE-2004-2566

exploitpack1 cvelist1 nvd1 exploitdb1