Lucene search

MitreCVE-2005-3959

HistoryDec 01, 2005 - 11:00 a.m.

CVE-2005-3959

2005-12-0111:00:00

mitre

web.nvd.nist.gov

cve-2005-3959

cross-site scripting

xss

freewebstat

remote attackers

web script

html

pixel.php

stat.php

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

High

EPSS

0.017

Percentile

88.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 rev37 allow remote attackers to inject arbitrary web script or HTML via the (1) site, (2) jsref, (3) jsres, and (4) jscolor parameters to pixel.php, which are not sanitized before being included in the logdb.html file, and (5) the search key to stat.php.

Affected configurations

Nvd

Node

freewebstatfreewebstatMatch1.0_rev37

VendorProductVersionCPE
freewebstatfreewebstat1.0_rev37cpe:2.3:a:freewebstat:freewebstat:1.0_rev37:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
freewebstat	freewebstat	1.0_rev37	cpe:2.3:a:freewebstat:freewebstat:1.0_rev37:::::::*

References

secunia.com/advisories/17783

securitytracker.com/id?1015301

www.freewebstat.com/changelog-english.html

www.osvdb.org/21207

www.securityfocus.com/archive/1/417902/100/0/threaded

www.securityfocus.com/bid/15601

www.ush.it/2005/11/25/free-web-stat/

www.vupen.com/english/advisories/2005/2646

exchange.xforce.ibmcloud.com/vulnerabilities/23387

exchange.xforce.ibmcloud.com/vulnerabilities/23391

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

High

EPSS

0.017

Percentile

88.0%

JSON

Related for CVE-2005-3959