Lucene search

[email protected]CVE-2005-4236

HistoryDec 14, 2005 - 11:03 a.m.

CVE-2005-4236

2005-12-1411:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-4236

xss

search.php

ckgold

web security

nvd

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

79.7%

JSON

Cross-site scripting (XSS) vulnerability in search.php in CKGOLD allows remote attackers to inject arbitrary web script or HTML via the search parameters.

CPENameOperatorVersion
cartkeeper:ckgold_shopping_cartcartkeeper ckgold shopping carteq*

CPE	Name	Operator	Version
cartkeeper:ckgold_shopping_cart	cartkeeper ckgold shopping cart	eq	*

References

pridels0.blogspot.com/2005/12/ckgold-xss-vuln.html

secunia.com/advisories/17972

www.osvdb.org/21675

www.securityfocus.com/bid/15854

www.vupen.com/english/advisories/2005/2873

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

79.7%

JSON