Lucene search

[email protected]CVE-2005-4292

HistoryDec 16, 2005 - 11:03 a.m.

CVE-2005-4292

2005-12-1611:03:00

[email protected]

web.nvd.nist.gov

xss

cross-site scripting

commercesql

vulnerability

remote attackers

web script

html

search module parameters

quick find feature

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.6%

JSON

Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keywords parameter in the Quick Find feature.

Affected configurations

NVD

Node

internet_express_productscommercesqlRange≤1.0

CPENameOperatorVersion
internet_express_products:commercesqlinternet express products commercesqlle1.0

CPE	Name	Operator	Version
internet_express_products:commercesql	internet express products commercesql	le	1.0

References

pridels0.blogspot.com/2005/12/commercesql-xss-vuln.html

secunia.com/advisories/17932

www.osvdb.org/21717

www.securityfocus.com/bid/15888

www.vupen.com/english/advisories/2005/2920

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.6%

JSON

Related for CVE-2005-4292

cvelist1 nvd1