Lucene search

[email protected]CVE-2005-4284

HistoryDec 16, 2005 - 11:03 a.m.

CVE-2005-4284

2005-12-1611:03:00

[email protected]

web.nvd.nist.gov

cve-2005-4284

cross-site scripting

xss vulnerability

staticstore search engine

search engine

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.3%

JSON

Cross-site scripting (XSS) vulnerability in StaticStore Search Engine 1.189A and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to search.cgi, possibly the keywords parameter. NOTE: this issue was originally disputed by the vendor, but it has since been acknowledged.

Affected configurations

NVD

Node

static_storestaticstoreRange≤1.189a

CPENameOperatorVersion
static_store:staticstorestatic store staticstorele1.189a

CPE	Name	Operator	Version
static_store:staticstore	static store staticstore	le	1.189a

References

pridels0.blogspot.com/2005/12/staticstore-search-engine-friendly-e.html

secunia.com/advisories/18037

www.osvdb.org/21714

www.osvdb.org/22032

www.securityfocus.com/bid/15895

www.vupen.com/english/advisories/2005/2915

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.3%

JSON

Related for CVE-2005-4284

nvd1 cvelist1