Lucene search

[email protected]CVE-2005-1634

HistoryMay 17, 2005 - 4:00 a.m.

CVE-2005-1634

2005-05-1704:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-1634

cross-site scripting

xss

jgs-xa jgs-portal

security vulnerability

remote attack

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

48.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA JGS-Portal 3.0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) anzahl_beitraege parameter to jgs_portal.php, (2) year parameter to jgs_portal_statistik.php, (3) year parameter to jgs_portal_beitraggraf.php, (4) tag parameter to jgs_portal_viewsgraf.php, (5) year parameter to jgs_portal_themengraf.php, (6) year parameter to jgs_portal_mitgraf.php, (7) id parameter to jgs_portal_sponsor.php, or (8) the Accept-Language header to jgs_portal_log.php. NOTE: this issue may stem from the same core problem as CVE-2005-1633.

CPENameOperatorVersion
jgs-xa:jgs-portaljgs-xa jgs-portalle3.0.2

CPE	Name	Operator	Version
jgs-xa:jgs-portal	jgs-xa jgs-portal	le	3.0.2

References

marc.info/?l=bugtraq&m=111627681218415&w=2

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

48.9%

JSON

Related for CVE-2005-1634

nessus1 cve1 openvas2