Lucene search

[email protected]CVE-2005-4785

HistoryApr 14, 2006 - 11:00 p.m.

CVE-2005-4785

2006-04-1423:00:00

[email protected]

web.nvd.nist.gov

cve-2005-4785

cross-site scripting

xss

quickblogger

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.8%

JSON

Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) author (“your name”) and (2) “comment” section.

Affected configurations

NVD

Node

jl_webworksquickbloggerMatch1.4

CPENameOperatorVersion
jl_webworks:quickbloggerjl webworks quickbloggereq1.4

CPE	Name	Operator	Version
jl_webworks:quickblogger	jl webworks quickblogger	eq	1.4

References

archives.neohapsis.com/archives/fulldisclosure/2005-07/0090.html

exploitlabs.com/files/advisories/EXPL-A-2005-011-quickblogger.txt

secunia.com/advisories/15942

securitytracker.com/id?1014386

www.securityfocus.com/bid/14152

www.vupen.com/english/advisories/2005/0987

exchange.xforce.ibmcloud.com/vulnerabilities/21244

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.8%

JSON

Related for CVE-2005-4785

cvelist1 nvd1