Lucene search

[email protected]CVE-2005-2488

HistoryAug 07, 2005 - 4:00 a.m.

CVE-2005-2488

2005-08-0704:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-2488

xss

web content management

news system

vulnerability

remote attack

html

script

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.4%

JSON

Cross-site scripting (XSS) vulnerability in Web Content Management News System allows remote attackers to inject arbitrary web script or HTML via (1) the strRootpath parameter to validsession.php or (2) the strTable parameter to Admin/News/List.php.

CPENameOperatorVersion
web_content_management:web_content_management_news_systemweb content management web content management news systemeq*

CPE	Name	Operator	Version
web_content_management:web_content_management_news_system	web content management web content management news system	eq	*

References

secunia.com/advisories/16317

securitytracker.com/id?1014616

www.rgod.altervista.org/webc.html

www.securityfocus.com/bid/14464

exchange.xforce.ibmcloud.com/vulnerabilities/21689

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.4%

JSON