Lucene search

[email protected]CVE-2005-2488

HistoryAug 07, 2005 - 4:00 a.m.

CVE-2005-2488

2005-08-0704:00:00

[email protected]

web.nvd.nist.gov

cve-2005-2488

xss

web content management

news system

vulnerability

remote attack

html

script

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.7%

JSON

Cross-site scripting (XSS) vulnerability in Web Content Management News System allows remote attackers to inject arbitrary web script or HTML via (1) the strRootpath parameter to validsession.php or (2) the strTable parameter to Admin/News/List.php.

Affected configurations

NVD

Node

web_content_managementweb_content_management_news_system

CPENameOperatorVersion
web_content_management:web_content_management_news_systemweb content management web content management news systemeq*

CPE	Name	Operator	Version
web_content_management:web_content_management_news_system	web content management web content management news system	eq	*

References

secunia.com/advisories/16317

securitytracker.com/id?1014616

www.rgod.altervista.org/webc.html

www.securityfocus.com/bid/14464

exchange.xforce.ibmcloud.com/vulnerabilities/21689

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.7%

JSON

Related for CVE-2005-2488

cvelist1 nvd1