Lucene search

[email protected]CVE-2005-4555

HistoryDec 28, 2005 - 11:03 a.m.

CVE-2005-4555

2005-12-2811:03:00

[email protected]

web.nvd.nist.gov

cve-2005-4555

xss

web management system

vulnerability

remote attackers

web script

html

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.029 Low

EPSS

Percentile

90.9%

JSON

Cross-site scripting (XSS) vulnerability in add.php in DEV web management system 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) ENTER_ARTICLE_TITLE, (2) SPECIFY_ZONE, (3) ENTER_ARTICLE_HEADER, and (4) ENTER_ARTICLE_BODY indices in the language array parameter.

Affected configurations

NVD

Node

devdev_web_management_systemMatch1.5

CPENameOperatorVersion
dev:dev_web_management_systemdev dev web management systemeq1.5

CPE	Name	Operator	Version
dev:dev_web_management_system	dev dev web management system	eq	1.5

References

rgod.altervista.org/dev_15_sql_xpl.html

secunia.com/advisories/18239

securitytracker.com/id?1015410

www.osvdb.org/22043

www.securityfocus.com/archive/1/420253/100/0/threaded

www.securityfocus.com/bid/16063

exchange.xforce.ibmcloud.com/vulnerabilities/23900

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.029 Low

EPSS

Percentile

90.9%

JSON

Related for CVE-2005-4555

nvd1 cvelist1