Lucene search

[email protected]CVE-2005-3308

HistoryOct 26, 2005 - 1:02 a.m.

CVE-2005-3308

2005-10-2601:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2005

3308

xss

vulnerabilities

zomplog 3.4

remote attackers

web script

html

parameter

nvd

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) comment parameter in detail.php, (3) the username parameter in get.php, and (4) the search parameter in index.php.

CPENameOperatorVersion
zomplog:zomplogzomplogeq3.3
zomplog:zomplogzomplogeq3.4

CPE	Name	Operator	Version
zomplog:zomplog	zomplog	eq	3.3
zomplog:zomplog	zomplog	eq	3.4

References

marc.info/?l=bugtraq&m=113019053831123&w=2

secunia.com/advisories/17306/

securitytracker.com/alerts/2005/Oct/1015088.html

www.osvdb.org/20253

www.osvdb.org/20254

www.osvdb.org/20255

www.securityfocus.com/bid/15168

exchange.xforce.ibmcloud.com/vulnerabilities/22828

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.8%

JSON