Lucene search

[email protected]CVE-2005-0628

HistoryMar 01, 2005 - 5:00 a.m.

CVE-2005-0628

2005-03-0105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-0628

cross site scripting

xss

forumwa 1.0

remote attackers

web script

html

vulnerabilities

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

65.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in search.php or the (2) body or (3) subject of a forum message.

CPENameOperatorVersion
demof:forumwademof forumwaeqv1

CPE	Name	Operator	Version
demof:forumwa	demof forumwa	eq	v1

References

marc.info/?l=bugtraq&m=110971101826900&w=2

secunia.com/advisories/14418

www.securityfocus.com/bid/12689

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

65.2%

JSON