Lucene search

[email protected]CVE-2005-0919

HistoryMar 29, 2005 - 5:00 a.m.

CVE-2005-0919

2005-03-2905:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-0919

adventia chat

server pro

remote attackers

web script

html

cross-site scripting

xss

vulnerability

nvd

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.3%

JSON

Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject arbitrary web script or HTML into the chat space, which leaves other users vulnerable to cross-site scripting (XSS) attacks.

CPENameOperatorVersion
adventia:adventia_chatadventia adventia chateq3.1
adventia:adventia_server_proadventia adventia server proeq3.0

CPE	Name	Operator	Version
adventia:adventia_chat	adventia adventia chat	eq	3.1
adventia:adventia_server_pro	adventia adventia server pro	eq	3.0

References

exploitlabs.com/files/advisories/EXPL-A-2005-003-adventiachat.txt

marc.info/?l=full-disclosure&m=111211930330410&w=2

securitytracker.com/id?1013588

www.osvdb.org/15156

www.securityfocus.com/bid/12927

www.securityfocus.com/bid/12940

exchange.xforce.ibmcloud.com/vulnerabilities/21317

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.3%

JSON