Lucene search

[email protected]CVE-2005-3505

HistoryNov 05, 2005 - 11:02 a.m.

CVE-2005-3505

2005-11-0511:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-3505

cross-site scripting

xss

cpanel

entropy chat

html

javascript

internet explorer

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.015 Low

EPSS

Percentile

86.6%

JSON

Cross-site scripting (XSS) vulnerability in the Entropy Chat script in cPanel 10.2.0-R82 and 10.6.0-R137 allows remote attackers to inject arbitrary web script or HTML via a chat message containing Javascript in style attributes in tags such as <b>, which are processed by Internet Explorer.

CPENameOperatorVersion
cpanel:cpanelcpaneleq10.2.0_r82
cpanel:cpanelcpaneleq10.6.0_r137

CPE	Name	Operator	Version
cpanel:cpanel	cpanel	eq	10.2.0_r82
cpanel:cpanel	cpanel	eq	10.6.0_r137

References

archives.neohapsis.com/archives/fulldisclosure/2005-11/0124.html

secunia.com/advisories/16609

secunia.com/secunia_research/2005-56/advisory/

securityreason.com/securityalert/148

securitytracker.com/id?1015157

www.osvdb.org/20459

www.securityfocus.com/archive/1/415722/30/0/threaded

www.securityfocus.com/bid/15327

www.vupen.com/english/advisories/2005/2306

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.015 Low

EPSS

Percentile

86.6%

JSON