Lucene search

[email protected]CVE-2005-4374

HistoryDec 20, 2005 - 2:03 a.m.

CVE-2005-4374

2005-12-2002:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-4374

cross-site scripting

xss

vulnerabilities

allinta 2.3.2

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Allinta 2.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to faq.asp and (2) searchQuery parameter to search.asp.

CPENameOperatorVersion
allinta:allintaallintale2.3.2

CPE	Name	Operator	Version
allinta:allinta	allinta	le	2.3.2

References

pridels0.blogspot.com/2005/12/allinta-23x-xss-vuln.html

secunia.com/advisories/18060

www.osvdb.org/21784

www.osvdb.org/21785

www.securityfocus.com/bid/15935

www.vupen.com/english/advisories/2005/2971

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.9%

JSON