Lucene search

[email protected]CVE-2005-4481

HistoryDec 22, 2005 - 11:03 a.m.

CVE-2005-4481

2005-12-2211:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2005

4481

xss

vulnerability

polopoly

remote attackers

web script

html

search parameters

nvd

6.2 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.8%

JSON

Cross-site scripting (XSS) vulnerability in Polopoly 9 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. NOTE: the vendor has disputed this vulnerability, stating that the “XSS flaw was only part of the custom implementation of the [polopoly] site”. As of 20061003, CVE has no further information on this issue, except that the original researcher has a history of testing live sites and assuming that discoveries indicate vulnerabilities in the associated package

CPENameOperatorVersion
polopoly:polopolypolopolyle9.0

CPE	Name	Operator	Version
polopoly:polopoly	polopoly	le	9.0

References

attrition.org/pipermail/vim/2006-September/001056.html

pridels0.blogspot.com/2005/12/polopoly-xss-vuln.html

www.osvdb.org/21878

www.securityfocus.com/bid/16007

6.2 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.8%

JSON