Lucene search

[email protected]CVE-2005-3955

HistoryDec 01, 2005 - 11:00 a.m.

CVE-2005-3955

2005-12-0111:00:00

CWE-79

[email protected]

web.nvd.nist.gov

magpierss

xss

vulnerabilities

remote attackers

web script

html

nvd

cve-2005-3955

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and © simple_smarty.php.

Affected configurations

NVD

Node

blogbuddiesblogbuddiesMatch0.3

jawsjawsMatch0.6.2

magpierssmagpierssMatch7.1

CPENameOperatorVersion
blogbuddies:blogbuddiesblogbuddieseq0.3
jaws:jawsjawseq0.6.2
magpierss:magpierssmagpiersseq7.1

CPE	Name	Operator	Version
blogbuddies:blogbuddies	blogbuddies	eq	0.3
jaws:jaws	jaws	eq	0.6.2
magpierss:magpierss	magpierss	eq	7.1

References

retrogod.altervista.org/JAWS_062_sql.html

seclists.org/fulldisclosure/2015/May/35

secunia.com/advisories/17741

secunia.com/advisories/20842

securitytracker.com/id?1015264

sourceforge.net/tracker/index.php?func=detail&aid=1366743&group_id=127552&atid=708847

www.jaws-project.com/index.php?blog/show/29

www.osvdb.org/21112

www.osvdb.org/21113

www.osvdb.org/21643

www.securityfocus.com/archive/1/438434/100/0/threaded

www.securityfocus.com/bid/15555

www.securityfocus.com/bid/18665

www.vupen.com/english/advisories/2006/2546

exchange.xforce.ibmcloud.com/vulnerabilities/27337

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.0%

JSON

Related for CVE-2005-3955

cvelist1 nvd1