Lucene search

[email protected]CVE-2005-2736

HistoryAug 30, 2005 - 11:45 a.m.

CVE-2005-2736

2005-08-3011:45:00

[email protected]

web.nvd.nist.gov

nvd

cve-2005-2736

cross-site scripting

xss

yapig 0.95

security vulnerability

exif data

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

82.1%

JSON

Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.

Affected configurations

NVD

Node

yapigyapigMatch0.92b

yapigyapigMatch0.93u

yapigyapigMatch0.94u

yapigyapigMatch0.95

yapigyapigMatch0.95b

CPENameOperatorVersion
yapig:yapigyapigeq0.92b
yapig:yapigyapigeq0.93u
yapig:yapigyapigeq0.94u
yapig:yapigyapigeq0.95
yapig:yapigyapigeq0.95b

CPE	Name	Operator	Version
yapig:yapig	yapig	eq	0.92b
yapig:yapig	yapig	eq	0.93u
yapig:yapig	yapig	eq	0.94u
yapig:yapig	yapig	eq	0.95
yapig:yapig	yapig	eq	0.95b

References

cedri.cc/advisories/EXIF_XSS.txt

marc.info/?l=bugtraq&m=112511025414488&w=2

secunia.com/advisories/16596/

securitytracker.com/id?1014802

www.securityfocus.com/bid/14670

exchange.xforce.ibmcloud.com/vulnerabilities/22020

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

82.1%

JSON

Related for CVE-2005-2736

nvd1 cvelist1 nessus1