Lucene search

[email protected]CVE-2005-4484

HistoryDec 22, 2005 - 11:03 a.m.

CVE-2005-4484

2005-12-2211:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2005

4484

xss

vulnerabilities

intranetapp

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in IntranetApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ret_page parameter to login.asp or the (2) do_search and (3) search parameters to content.asp.

CPENameOperatorVersion
iatek:intranetappiatek intranetapple3.3

CPE	Name	Operator	Version
iatek:intranetapp	iatek intranetapp	le	3.3

References

pridels0.blogspot.com/2005/12/intranetapp-xss-vuln.html

secunia.com/advisories/18200

www.securityfocus.com/bid/16010

www.vupen.com/english/advisories/2005/3039

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.7%

JSON