Lucene search

MitreCVE-2005-2886

HistorySep 14, 2005 - 8:03 p.m.

CVE-2005-2886

2005-09-1420:03:00

mitre

web.nvd.nist.gov

cve-2005-2886

cross-site scripting

xss

maxdev md-pro

vulnerability

remote code injection

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

High

EPSS

0.012

Percentile

85.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.73, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via (1) the print parameter to the print module, the sitename parameter to (2) bb_smilies or (3) bbcode_ref module, or (4) the hlpfile parameter to openwindow.php.

Affected configurations

Nvd

Node

maxdevmd-proMatch1.0.73

VendorProductVersionCPE
maxdevmd-pro1.0.73cpe:2.3:a:maxdev:md-pro:1.0.73:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
maxdev	md-pro	1.0.73	cpe:2.3:a:maxdev:md-pro:1.0.73:::::::*

References

marc.info/?l=bugtraq&m=112603835317458&w=2

rgod.altervista.org/maxdev1073.html

secunia.com/advisories/16731/

www.securityfocus.com/bid/14751

exchange.xforce.ibmcloud.com/vulnerabilities/22200

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

High

EPSS

0.012

Percentile

85.2%

JSON

Related for CVE-2005-2886