Lucene search

[email protected]CVE-2005-0674

HistoryMar 07, 2005 - 5:00 a.m.

CVE-2005-0674

2005-03-0705:00:00

[email protected]

web.nvd.nist.gov

xss

pabox 1.6

news module

remote attackers

http post request

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.2%

JSON

Cross-site scripting (XSS) vulnerability in the News module for paBox 1.6 allows remote attackers to inject arbitrary web script or HTML via the text hidden parameter in an HTTP POST request.

Affected configurations

NVD

Node

php_arenapaboxMatch1.6

CPENameOperatorVersion
php_arena:paboxphp arena paboxeq1.6

CPE	Name	Operator	Version
php_arena:pabox	php arena pabox	eq	1.6

References

marc.info/?l=bugtraq&m=110987537431541&w=2

secunia.com/advisories/14474

securitytracker.com/id?1013363

www.securityfocus.com/bid/12719

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.2%

JSON

Related for CVE-2005-0674

nvd1 cvelist1