Lucene search

[email protected]CVE-2005-1715

HistoryMay 24, 2005 - 4:00 a.m.

CVE-2005-1715

2005-05-2404:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-1715

cross-site scripting

xss

vulnerability

topo 2.2

index.php

remote attackers

web script

html

parameters

comments section

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

77.8%

JSON

Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 (2.2.178) allows remote attackers to inject arbitrary web script or HTML via the (1) m, (2) s, (3) ID, or (4) t parameters, or the (5) field name, (6) Your Web field, or (7) email field in the comments section.

CPENameOperatorVersion
ej3:topoej3 topoeq2.2
ej3:topoej3 topoeq2.2.178

CPE	Name	Operator	Version
ej3:topo	ej3 topo	eq	2.2
ej3:topo	ej3 topo	eq	2.2.178

References

lostmon.blogspot.com/2005/05/topo-22-multiple-variable-fields-xss.html

secunia.com/advisories/15325

securitytracker.com/id?1014016

www.osvdb.org/16699

www.securityfocus.com/bid/13700

www.securityfocus.com/bid/13701

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

77.8%

JSON