Lucene search

[email protected]CVE-2005-2861

HistorySep 08, 2005 - 10:03 a.m.

CVE-2005-2861

2005-09-0810:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-2861

cross-site scripting

xss

n-stealth commercial edition

security vulnerability

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

58.7%

JSON

Cross-site scripting (XSS) vulnerability in N-Stealth Commercial Edition before 5.8.0.38 and Free Edition before 5.8.1.03 allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report.

CPENameOperatorVersion
n-stalker:n-stealthn-stalker n-stealtheqfree_5.8
n-stalker:n-stealthn-stalker n-stealtheqcommercial_5.8

CPE	Name	Operator	Version
n-stalker:n-stealth	n-stalker n-stealth	eq	free_5.8
n-stalker:n-stealth	n-stalker n-stealth	eq	commercial_5.8

References

seclists.org/lists/vulnwatch/2005/Jul-Sep/0032.html

www.cybsec.com/vuln/010905-multiple_webscanner_script_injection.pdf

www.securityfocus.com/bid/14717

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

58.7%

JSON