Lucene search

MitreCVE-2005-4407

HistoryDec 20, 2005 - 11:03 a.m.

CVE-2005-4407

2005-12-2011:03:00

mitre

web.nvd.nist.gov

cve-2005-4407

cross-site scripting

xss

mercury cms

index.cfm

web script injection

html injection

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

53.9%

JSON

Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) content and (2) criteria parameters.

Affected configurations

Nvd

Node

tmc_visionpoolmercury_cmsRange≤4.0

VendorProductVersionCPE
tmc_visionpoolmercury_cms*cpe:2.3:a:tmc_visionpool:mercury_cms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tmc_visionpool	mercury_cms	*	cpe:2.3:a:tmc_visionpool:mercury_cms::::::::

References

pridels0.blogspot.com/2005/12/mercury-cms-vuln.html

www.osvdb.org/21863

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

53.9%

JSON

Related for CVE-2005-4407