Lucene search

[email protected]CVE-2005-2430

HistoryAug 03, 2005 - 4:00 a.m.

CVE-2005-2430

2005-08-0304:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

cross-site scripting

xss

gforge 4.5

security vulnerabilities

remote attacks

5.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.012 Low

EPSS

Percentile

85.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id or (2) group_id parameter to forum.php, (3) project_task_id parameter to task.php, (4) id parameter to detail.php, (5) the text field on the search page, (6) group_id parameter to qrs.php, (7) form, (8) rows, (9) cols or (10) wrap parameter to notepad.php, or the login field on the login form.

CPENameOperatorVersion
gforge:gforgegforgeeq4.5

CPE	Name	Operator	Version
gforge:gforge	gforge	eq	4.5

References

marc.info/?l=bugtraq&m=112259845904350&w=2

secunia.com/advisories/16253/

secunia.com/advisories/20622

www.debian.org/security/2006/dsa-1094

www.osvdb.org/18299

www.osvdb.org/18300

www.osvdb.org/18301

www.osvdb.org/18302

www.osvdb.org/18303

www.osvdb.org/18304

www.securityfocus.com/bid/14405

exchange.xforce.ibmcloud.com/vulnerabilities/21558

5.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.012 Low

EPSS

Percentile

85.0%

JSON

Related for CVE-2005-2430

nessus3 openvas4 debian1 ubuntucve1 freebsd1