Lucene search

[email protected]CVE-2005-1186

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-1186

2005-05-0204:00:00

[email protected]

web.nvd.nist.gov

musicmatch jukebox

cve-2005-1186

internet explorer

trusted sites

cross-site scripting

xss

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.1%

JSON

Musicmatch Jukebox 10.00.2047 and earlier adds the musicmatch.com domain to the Trusted Sites zone in Internet Explorer, which allows systems in the domain to conduct unauthorized activities, as demonstrated using cross-site scripting (XSS) attacks.

Affected configurations

NVD

Node

musicmatchjukeboxRange≤10.00.2047

CPENameOperatorVersion
musicmatch:jukeboxmusicmatch jukeboxle10.00.2047

CPE	Name	Operator	Version
musicmatch:jukebox	musicmatch jukebox	le	10.00.2047

References

seclists.org/lists/bugtraq/2005/Apr/0212.html

securitytracker.com/id?1013718

www.hyperdose.com/advisories/H2005-04.txt

exchange.xforce.ibmcloud.com/vulnerabilities/20129

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.1%

JSON

Related for CVE-2005-1186

cvelist1 nvd1