Lucene search

[email protected]CVE-2005-4063

HistoryDec 07, 2005 - 11:03 a.m.

CVE-2005-4063

2005-12-0711:03:00

[email protected]

web.nvd.nist.gov

security

xss

netauctionhelp

cve-2005-4063

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp 3.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) L, (2) sort, (3) category, (4) categoryname parameters to search.asp.

Affected configurations

NVD

Node

netauctionhelpnetauctionhelpRange≤3.0

CPENameOperatorVersion
netauctionhelp:netauctionhelpnetauctionhelple3.0

CPE	Name	Operator	Version
netauctionhelp:netauctionhelp	netauctionhelp	le	3.0

References

pridels0.blogspot.com/2005/12/netauctionhelp-v30-xss-vuln.html

secunia.com/advisories/17902

www.osvdb.org/21474

www.securityfocus.com/bid/15737

www.vupen.com/english/advisories/2005/2761

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.6%

JSON

Related for CVE-2005-4063

cvelist1 nvd1