Lucene search

[email protected]CVE-2005-4060

HistoryDec 07, 2005 - 11:03 a.m.

CVE-2005-4060

2005-12-0711:03:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2005-4060

cross-site scripting

xss

searchasp

rwauction pro

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.4%

JSON

Cross-site scripting (XSS) vulnerability in search.asp in rwAuction Pro 4.0 and 5.0 allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter.

Affected configurations

NVD

Node

rainworxrwauction_proMatch4.0

rainworxrwauction_proMatch5.0

CPENameOperatorVersion
rainworx:rwauction_prorainworx rwauction proeq4.0
rainworx:rwauction_prorainworx rwauction proeq5.0

CPE	Name	Operator	Version
rainworx:rwauction_pro	rainworx rwauction pro	eq	4.0
rainworx:rwauction_pro	rainworx rwauction pro	eq	5.0

References

pridels-team.blogspot.com/2007/06/rwauction-pro-xss-vuln.html

pridels0.blogspot.com/2005/12/rwauction-pro-v40-xss-vuln.html

secunia.com/advisories/17905

www.attrition.org/pipermail/vim/2006-April/000713.html

www.osvdb.org/21475

www.securityfocus.com/bid/15740

www.vupen.com/english/advisories/2005/2758

exchange.xforce.ibmcloud.com/vulnerabilities/23466

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.4%

JSON

Related for CVE-2005-4060

cvelist2 nvd2 prion1 cve1