Lucene search

[email protected]CVE-2005-2392

HistoryJul 27, 2005 - 4:00 a.m.

CVE-2005-2392

2005-07-2704:00:00

[email protected]

web.nvd.nist.gov

xss

cmsimple

index.php

web script

html

vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.4%

JSON

Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in the search function.

Affected configurations

NVD

Node

cmsmadesimplecms_made_simpleMatch1.0

cmsmadesimplecms_made_simpleMatch1.1

cmsmadesimplecms_made_simpleMatch1.2

cmsmadesimplecms_made_simpleMatch1.3beta1

cmsmadesimplecms_made_simpleMatch1.3beta2

cmsmadesimplecms_made_simpleMatch2.0beta1

cmsmadesimplecms_made_simpleMatch2.0beta2

cmsmadesimplecms_made_simpleMatch2.0beta3

cmsmadesimplecms_made_simpleMatch2.0beta4

cmsmadesimplecms_made_simpleMatch2.1

cmsmadesimplecms_made_simpleMatch2.2

cmsmadesimplecms_made_simpleMatch2.2beta1

cmsmadesimplecms_made_simpleMatch2.2beta2

cmsmadesimplecms_made_simpleMatch2.2beta3

cmsmadesimplecms_made_simpleMatch2.2beta4

cmsmadesimplecms_made_simpleMatch2.3

cmsmadesimplecms_made_simpleMatch2.3beta1

cmsmadesimplecms_made_simpleMatch2.3beta2

cmsmadesimplecms_made_simpleMatch2.3beta3

cmsmadesimplecms_made_simpleMatch2.3beta4

cmsmadesimplecms_made_simpleMatch2.3beta5

cmsmadesimplecms_made_simpleMatch2.4beta1

cmsmadesimplecms_made_simpleMatch2.4beta2

cmsmadesimplecms_made_simpleMatch2.4beta3

cmsmadesimplecms_made_simpleMatch2.4beta4

cmsmadesimplecms_made_simpleMatch2.4beta5

cmsmadesimplecms_made_simpleMatch2.4_beta

cmsmadesimplecms_made_simpleMatchbeta_1

cmsmadesimplecms_made_simpleMatchbeta_2

CPENameOperatorVersion
cmsmadesimple:cms_made_simplecmsmadesimple cms made simpleeq1.0
cmsmadesimple:cms_made_simplecmsmadesimple cms made simpleeq1.1
cmsmadesimple:cms_made_simplecmsmadesimple cms made simpleeq1.2
cmsmadesimple:cms_made_simplecmsmadesimple cms made simpleeq1.3
cmsmadesimple:cms_made_simplecmsmadesimple cms made simpleeq2.0
cmsmadesimple:cms_made_simplecmsmadesimple cms made simpleeq2.1
cmsmadesimple:cms_made_simplecmsmadesimple cms made simpleeq2.2
cmsmadesimple:cms_made_simplecmsmadesimple cms made simpleeq2.3
cmsmadesimple:cms_made_simplecmsmadesimple cms made simpleeq2.4
cmsmadesimple:cms_made_simplecmsmadesimple cms made simpleeq2.4_beta

CPE	Name	Operator	Version
cmsmadesimple:cms_made_simple	cmsmadesimple cms made simple	eq	1.0
cmsmadesimple:cms_made_simple	cmsmadesimple cms made simple	eq	1.1
cmsmadesimple:cms_made_simple	cmsmadesimple cms made simple	eq	1.2
cmsmadesimple:cms_made_simple	cmsmadesimple cms made simple	eq	1.3
cmsmadesimple:cms_made_simple	cmsmadesimple cms made simple	eq	2.0
cmsmadesimple:cms_made_simple	cmsmadesimple cms made simple	eq	2.1
cmsmadesimple:cms_made_simple	cmsmadesimple cms made simple	eq	2.2
cmsmadesimple:cms_made_simple	cmsmadesimple cms made simple	eq	2.3
cmsmadesimple:cms_made_simple	cmsmadesimple cms made simple	eq	2.4
cmsmadesimple:cms_made_simple	cmsmadesimple cms made simple	eq	2.4_beta

Rows per page:

1-10 of 121

References

lostmon.blogspot.com/2005/07/cmsimple-search-variable-xss.html

secunia.com/advisories/16147

securitytracker.com/id?1014556

www.aria-security.net/advisory/cmsimple.txt

www.cmsimple.dk/forum/viewtopic.php?t=2470

www.osvdb.org/18128

www.securityfocus.com/archive/1/442106/100/100/threaded

www.securityfocus.com/bid/14346

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.4%

JSON

Related for CVE-2005-2392

nessus1 cvelist1 nvd1 openvas1