CVE-2005-4574

2005-12-2911:03:00

[email protected]

web.nvd.nist.gov

cve-2005-4574

cross-site scripting

xss

loader.cfm

paperthin commonspot content server

security vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.6%

JSON

Cross-site scripting (XSS) vulnerability in loader.cfm in PaperThin CommonSpot Content Server 4.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the bNewWindow parameter.

Affected configurations

NVD

Node

paperthincommonspot_content_serverRange≤4.5

paperthincommonspot_content_serverMatch2.5

paperthincommonspot_content_serverMatch3.0

paperthincommonspot_content_serverMatch3.2

paperthincommonspot_content_serverMatch4.0

CPENameOperatorVersion
paperthin:commonspot_content_serverpaperthin commonspot content serverle4.5
paperthin:commonspot_content_serverpaperthin commonspot content servereq2.5
paperthin:commonspot_content_serverpaperthin commonspot content servereq3.0
paperthin:commonspot_content_serverpaperthin commonspot content servereq3.2
paperthin:commonspot_content_serverpaperthin commonspot content servereq4.0

CPE	Name	Operator	Version
paperthin:commonspot_content_server	paperthin commonspot content server	le	4.5
paperthin:commonspot_content_server	paperthin commonspot content server	eq	2.5
paperthin:commonspot_content_server	paperthin commonspot content server	eq	3.0
paperthin:commonspot_content_server	paperthin commonspot content server	eq	3.2
paperthin:commonspot_content_server	paperthin commonspot content server	eq	4.0