CVE-2005-2416
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6 Medium
AI Score
Confidence
High
0.01 Low
EPSS
Percentile
84.1%
Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) term parameter to the search module or (2) title in the blog aggregation module.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| astalavista_it_engineering:contrexx | astalavista it engineering contrexx | le | 1.0.4 |
References
marc.info/?l=bugtraq&m=112206702015439&w=2
secunia.com/advisories/16169
securitytracker.com/id?1014554
www.hardened-php.net/advisory_112005.59.html
www.osvdb.org/18168
www.osvdb.org/18169
www.securityfocus.com/bid/14352
exchange.xforce.ibmcloud.com/vulnerabilities/21484
exchange.xforce.ibmcloud.com/vulnerabilities/21487
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6 Medium
AI Score
Confidence
High
0.01 Low
EPSS
Percentile
84.1%