ID CVE-2005-0802
Type cve
Reporter NVD
Modified 2017-07-10T21:32:25
Description
Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 through 1.1b allows remote attackers to execute arbitrary web script or HTML via the search parameter.
{"id": "CVE-2005-0802", "bulletinFamily": "NVD", "title": "CVE-2005-0802", "description": "Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 through 1.1b allows remote attackers to execute arbitrary web script or HTML via the search parameter.", "published": "2005-05-02T00:00:00", "modified": "2017-07-10T21:32:25", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0802", "reporter": "NVD", "references": ["http://www.securityfocus.com/bid/12836", "http://securitytracker.com/id?1013470", "http://marc.info/?l=bugtraq&m=111108840811698&w=2", "https://exchange.xforce.ibmcloud.com/vulnerabilities/19728"], "cvelist": ["CVE-2005-0802"], "type": "cve", "lastseen": "2017-07-11T11:14:49", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:asp_press:acs_blog:0.8", "cpe:/a:asp_press:acs_blog:1.1b", "cpe:/a:asp_press:acs_blog:0.9", "cpe:/a:asp_press:acs_blog:1.0"], "cvelist": ["CVE-2005-0802"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 through 1.1b allows remote attackers to execute arbitrary web script or HTML via the search parameter.", "edition": 2, "enchantments": {}, "hash": "6d048932ed6d6c0ba0205a7e665e772dff1adb46d51ab4162319ebbf65e1bf6d", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "44f3f972f1219e5a5130d74f050ce136", "key": "published"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "85d6d0209eff4e92f261c3bb94f0764f", "key": "title"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "bb074534219d0a091d9577a8efaba4a5", "key": "cvelist"}, {"hash": "a305f777933854fa3a9864922a98a6a2", "key": "modified"}, {"hash": "284adaae69dfa09847dd384506f96d7f", "key": "references"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "f64c771e113c47d6d2deec970ebf61aa", "key": "description"}, {"hash": "4b68810be68e0197a600e47171f73da9", "key": "href"}, {"hash": "d9e9725ca0b47aedd4f57449b9701681", "key": "cpe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0802", "id": "CVE-2005-0802", "lastseen": "2017-04-18T15:50:59", "modified": "2016-10-17T23:14:48", "objectVersion": "1.2", "published": "2005-05-02T00:00:00", "references": ["http://www.securityfocus.com/bid/12836", "http://securitytracker.com/id?1013470", "http://marc.info/?l=bugtraq&m=111108840811698&w=2", "http://xforce.iss.net/xforce/xfdb/19728"], "reporter": "NVD", "scanner": [], "title": "CVE-2005-0802", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-04-18T15:50:59"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:asp_press:acs_blog:0.8", "cpe:/a:asp_press:acs_blog:1.1b", "cpe:/a:asp_press:acs_blog:0.9", "cpe:/a:asp_press:acs_blog:1.0"], "cvelist": ["CVE-2005-0802"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 through 1.1b allows remote attackers to execute arbitrary web script or HTML via the search parameter.", "edition": 1, "hash": "c383875932d306589819315f1e1f17468810aa3e738f9980ce2f1e9b5e837cf5", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "44f3f972f1219e5a5130d74f050ce136", "key": "published"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "85d6d0209eff4e92f261c3bb94f0764f", "key": "title"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "bb074534219d0a091d9577a8efaba4a5", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "f64c771e113c47d6d2deec970ebf61aa", "key": "description"}, {"hash": "3833059563d8bc109338b5c52404faf4", "key": "modified"}, {"hash": "4b68810be68e0197a600e47171f73da9", "key": "href"}, {"hash": "d9e9725ca0b47aedd4f57449b9701681", "key": "cpe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "2f6137db972a805377fb3df11ee58287", "key": "references"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0802", "id": "CVE-2005-0802", "lastseen": "2016-09-03T05:13:44", "modified": "2008-09-05T16:47:21", "objectVersion": "1.2", "published": "2005-05-02T00:00:00", "references": ["http://www.securityfocus.com/bid/12836", "http://securitytracker.com/id?1013470", "http://marc.theaimsgroup.com/?l=bugtraq&m=111108840811698&w=2", "http://xforce.iss.net/xforce/xfdb/19728"], "reporter": "NVD", "scanner": [], "title": "CVE-2005-0802", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T05:13:44"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d9e9725ca0b47aedd4f57449b9701681"}, {"key": "cvelist", "hash": "bb074534219d0a091d9577a8efaba4a5"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "f64c771e113c47d6d2deec970ebf61aa"}, {"key": "href", "hash": "4b68810be68e0197a600e47171f73da9"}, {"key": "modified", "hash": "b767dcde019e9265aad69c781c3c2277"}, {"key": "published", "hash": "44f3f972f1219e5a5130d74f050ce136"}, {"key": "references", "hash": "0ffdee949a04993d55e4a9077649bf3b"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "85d6d0209eff4e92f261c3bb94f0764f"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "ef411cbf19b2139a05c97efe3734541c9fd7307824f10ab516fe5df07d6c6098", "viewCount": 0, "enchantments": {"score": {"value": 4.3, "vector": "NONE", "modified": "2017-07-11T11:14:49"}, "dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:25233"]}], "modified": "2017-07-11T11:14:49"}, "vulnersScore": 4.3}, "objectVersion": "1.3", "cpe": ["cpe:/a:asp_press:acs_blog:0.8", "cpe:/a:asp_press:acs_blog:1.1b", "cpe:/a:asp_press:acs_blog:0.9", "cpe:/a:asp_press:acs_blog:1.0"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"exploitdb": [{"lastseen": "2016-02-03T00:55:50", "bulletinFamily": "exploit", "description": "ACS Blog 0.8/0.9/1.0/1.1 Search.ASP Cross-Site Scripting Vulnerability. CVE-2005-0802. Webapps exploit for asp platform", "modified": "2005-03-17T00:00:00", "published": "2005-03-17T00:00:00", "id": "EDB-ID:25233", "href": "https://www.exploit-db.com/exploits/25233/", "type": "exploitdb", "title": "ACS Blog 0.8/0.9/1.0/1.1 - Search.ASP Cross-Site Scripting Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/12836/info\r\n\r\nACS Blog is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.\r\n\r\nAn attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. \r\n\r\nhttp://www.example.com//search.asp?search=%22%3Cbr%3E%3Ciframe+src%3D%22http%3A%2F%2Fgoogle.com%22%3E%3C%2Fiframe%3E ", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/25233/"}]}