Lucene search

[email protected]CVE-2005-3638

HistoryNov 16, 2005 - 9:22 p.m.

CVE-2005-3638

2005-11-1621:22:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-3638

ekinboard

xss

remote attack

web script injection

html injection

6.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.028 Low

EPSS

Percentile

90.5%

JSON

Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in profile.php and (2) titles of posts.

CPENameOperatorVersion
ekinboard:ekinboardekinboardeq1.0.3

CPE	Name	Operator	Version
ekinboard:ekinboard	ekinboard	eq	1.0.3

References

irannetjob.com/content/view/162/28/

secunia.com/advisories/17569

securitytracker.com/id?1015207

www.osvdb.org/20844

www.securityfocus.com/bid/15443

www.securityfocus.com/bid/15447

www.vupen.com/english/advisories/2005/2419

6.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.028 Low

EPSS

Percentile

90.5%

JSON