CVE-2005-3867

2005-11-2911:00:00

mitre

www.cve.org

5.7 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.9%

JSON

Cross-site scripting (XSS) vulnerability in RevenuePilot Search Engine Script 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the REQ parameter, which is used when performing a search.

References

pridels0.blogspot.com/2005/11/revenuepilot-search-engine-xss-vuln.html

secunia.com/advisories/17717

www.osvdb.org/21143

www.securityfocus.com/bid/15612

www.securityfocus.com/bid/16129

www.vupen.com/english/advisories/2005/2607

exchange.xforce.ibmcloud.com/vulnerabilities/23345