ID: CVE-2005-4044
Type: cve
Reporter: NVD
Modified: 2017-07-19T21:29:09
Description
Cross-site scripting (XSS) vulnerability in search.cgi in Amazon Search Directory 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly the search parameter.
{"osvdb": [{"lastseen": "2017-04-28T13:20:18", "bulletinFamily": "software", "description": "## Vulnerability Description\nAmazon Search Directory contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'search' variable upon submission to the 'search.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nAmazon Search Directory contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'search' variable upon submission to the 'search.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.mrcgiguy.com/amazondetails.shtml\n[Secunia Advisory ID:17875](https://secuniaresearch.flexerasoftware.com/advisories/17875/)\nOther Advisory URL: http://pridels.blogspot.com/2005/12/amazon-search-directory-xss-vuln.html\nISS X-Force ID: 23408\n[CVE-2005-4044](https://vulners.com/cve/CVE-2005-4044)\n", "modified": "2005-12-05T16:46:58", "published": "2005-12-05T16:46:58", "href": "https://vulners.com/osvdb/OSVDB:21438", "id": "OSVDB:21438", "title": "Amazon Search Directory search.cgi search Variable XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}