Lucene search

[email protected]CVE-2005-2322

HistoryOct 03, 2022 - 4:22 p.m.

CVE-2005-2322

2022-10-0316:22:47

[email protected]

web.nvd.nist.gov

cve-2005-2322

cross-site scripting

xss

forum

vulnerability

remote attackers

web script

html

nvd

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.022 Low

EPSS

Percentile

89.5%

JSON

Cross-site scripting (XSS) vulnerability in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allows remote attackers to inject arbitrary web script or HTML via the (1) viewuser_id or (2) group parameter to users.php.

Affected configurations

NVD

Node

class-1class-1_forumMatch0.23.2

class-1class-1_forumMatch0.24.4

clever_copyclever_copy

CPENameOperatorVersion
class-1:class-1_forumclass-1 class-1 forumeq0.23.2
class-1:class-1_forumclass-1 class-1 forumeq0.24.4
clever_copy:clever_copyclever copyeq*

CPE	Name	Operator	Version
class-1:class-1_forum	class-1 class-1 forum	eq	0.23.2
class-1:class-1_forum	class-1 class-1 forum	eq	0.24.4
clever_copy:clever_copy	clever copy	eq	*

References

lostmon.blogspot.com/2005/07/class-1-forum-software-cross-site.html

secunia.com/advisories/16078

securitytracker.com/id?1014485

securitytracker.com/id?1014486

www.osvdb.org/17920

www.securityfocus.com/bid/14261

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.022 Low

EPSS

Percentile

89.5%

JSON

Related for CVE-2005-2322

cvelist1 nvd1