Lucene search

[email protected]CVE-2005-0945

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-0945

2005-05-0204:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2005

0945

cross-site scripting

xss

acs blog

remote attackers

web script

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

71.6%

JSON

Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows remote attackers to inject arbitrary web script or HTML via onmouseover or onload events in (1) img, (2) link, or (3) mail tags.

CPENameOperatorVersion
asp_press:acs_blogasp press acs blogeq1.1.1

CPE	Name	Operator	Version
asp_press:acs_blog	asp press acs blog	eq	1.1.1

References

marc.info/?l=bugtraq&m=111214069029812&w=2

secunia.com/advisories/14744/

securitytracker.com/id?1013584

exchange.xforce.ibmcloud.com/vulnerabilities/19864

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

71.6%

JSON