Lucene search

[email protected]CVE-2005-4398

HistoryDec 20, 2005 - 11:03 a.m.

CVE-2005-4398

2005-12-2011:03:00

[email protected]

web.nvd.nist.gov

cve-2005-4398

lemoon

xss

remote attackers

web script

html

asp.net

dispute

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.0%

JSON

NOTE: the vendor has disputed this issue. Cross-site scripting (XSS) vulnerability in lemoon 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the q parameter. NOTE: the vendor has disputed this issue, saying "Sites are built on top of ASP.NET and you use lemoon core objects to easily manage and render content. The XSS vuln. you are referring to exists in one of our public sites built on lemoon i.e. a custom made site (as all sites are). The problem exists in a UserControl that handles form input and is in no way related to the lemoon core product.

Affected configurations

NVD

Node

mindroute_softwarelemoonRange≤2.0

References

pridels0.blogspot.com/2005/12/lemoon-xss-vuln.html

secunia.com/advisories/18119

www.osvdb.org/21820

www.securityfocus.com/bid/15949

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.0%

JSON

Related for CVE-2005-4398

nvd1 cvelist1