Lucene search

[email protected]CVE-2005-4381

HistoryDec 20, 2005 - 2:03 a.m.

CVE-2005-4381

2005-12-2002:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-4381

cross-site scripting

xss

web script

html

security vulnerability

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 Beta 1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fileDN and (2) folderviewer_attrs parameters.

CPENameOperatorVersion
caravel_cms:caravel_cmscaravel cmsle3.0_beta_1

CPE	Name	Operator	Version
caravel_cms:caravel_cms	caravel cms	le	3.0_beta_1

References

pridels0.blogspot.com/2005/12/caravel-cms-xss.html

secunia.com/advisories/18151

www.osvdb.org/21833

www.osvdb.org/21834

www.securityfocus.com/bid/15939

www.vupen.com/english/advisories/2005/2976

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.7%

JSON