Vulners
Lucene search
Sun Solaris AnswerBook2 - Multiple Cross-Site Scripting Vulnerabilities
| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
 | Sun AnswerBook2 < 1.4.5 XSS | 8 Mar 200500:00 | – | nessus |
 | CVE-2005-0548 | 9 Mar 200505:00 | – | cve |
| CVE-2005-0549 | 9 Mar 200505:00 | – | cve |
 | CVE-2005-0548 | 9 Mar 200505:00 | – | cvelist |
| CVE-2005-0549 | 9 Mar 200505:00 | – | cvelist |
 | EUVD-2005-0549 | 7 Oct 202500:30 | – | euvd |
| EUVD-2005-0550 | 7 Oct 202500:30 | – | euvd |
 | Sun Solaris AnswerBook2 - Multiple Cross-Site Scripting Vulnerabilities | 7 May 200500:00 | – | exploitpack |
 | CVE-2005-0548 | 7 Mar 200505:00 | – | nvd |
| CVE-2005-0549 | 2 May 200504:00 | – | nvd |
10
Sun Solaris AnswerBook2 is reported prone to multiple cross-site scripting vulnerabilities because the software fails to properly sanitize user-supplied data. Exploits will allow arbitrary HTML and script code to run in a victim's browser, allowing the attacker to steal cookie-based credentials and launch other attacks.
The Search function and the AnswerBook2 admin interface are affected.
AnswerBook2 1.4.4 and prior versions are vulnerable.
Bugtraq ID: 12746
Class: Input Validation Error
CVE: CVE-2005-0548
CVE-2005-0549
Remote: Yes
Local: No
Published: Mar 07 2005 12:00AM
Updated: Dec 11 2009 03:44PM
Credit: Discovery is credited to Thomas Liam Romanis.
Vulnerable: Sun AnswerBook2 1.4.4
Sun AnswerBook2 1.4.3
Sun AnswerBook2 1.4.2
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1 _ppc
- Sun Solaris 2.5.1 _ppc
- Sun Solaris 2.5.1 _ppc
- Sun Solaris 2.5.1
- Sun Solaris 2.5.1
- Sun Solaris 2.5.1
- Sun Solaris 8_x86
- Sun Solaris 8
- Sun Solaris 8
- Sun Solaris 8
- Sun Solaris 7.0_x86
- Sun Solaris 7.0_x86
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
- Sun Solaris 7.0
- Sun Solaris 7.0
- Sun Solaris 2.6_x86
- Sun Solaris 2.6_x86
- Sun Solaris 2.6_x86
- Sun Solaris 2.6
- Sun Solaris 2.6
- Sun Solaris 2.6
- Sun Solaris 2.5_x86
- Sun Solaris 2.5_x86
- Sun Solaris 2.5_x86
- Sun Solaris 2.5
- Sun Solaris 2.5
- Sun Solaris 2.5
- Sun Solaris 2.4_x86
- Sun Solaris 2.4_x86
- Sun Solaris 2.4_x86
- Sun Solaris 2.4
- Sun Solaris 2.4
- Sun Solaris 2.4
- Sun Solaris 2.3
- Sun Solaris 2.3
- Sun Solaris 2.3
Sun AnswerBook2 1.4.1
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1 _ppc
- Sun Solaris 2.5.1 _ppc
- Sun Solaris 2.5.1 _ppc
- Sun Solaris 2.5.1
- Sun Solaris 2.5.1
- Sun Solaris 2.5.1
- Sun Solaris 8_x86
- Sun Solaris 8_x86
- Sun Solaris 8_x86
- Sun Solaris 8
- Sun Solaris 8
- Sun Solaris 8
- Sun Solaris 7.0_x86
- Sun Solaris 7.0_x86
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
- Sun Solaris 7.0
- Sun Solaris 7.0
- Sun Solaris 2.6_x86
- Sun Solaris 2.6_x86
- Sun Solaris 2.6_x86
- Sun Solaris 2.6
- Sun Solaris 2.5_x86
- Sun Solaris 2.5_x86
- Sun Solaris 2.5_x86
- Sun Solaris 2.5
- Sun Solaris 2.5
- Sun Solaris 2.5
- Sun Solaris 2.4_x86
- Sun Solaris 2.4_x86
- Sun Solaris 2.4_x86
- Sun Solaris 2.4
- Sun Solaris 2.4
- Sun Solaris 2.4
- Sun Solaris 2.3
- Sun Solaris 2.3
- Sun Solaris 2.3
Sun AnswerBook2 1.4
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1 _ppc
- Sun Solaris 2.5.1 _ppc
- Sun Solaris 2.5.1 _ppc
- Sun Solaris 2.5.1
- Sun Solaris 2.5.1
- Sun Solaris 2.5.1
- Sun Solaris 8_x86
- Sun Solaris 8
- Sun Solaris 8
- Sun Solaris 8
- Sun Solaris 7.0_x86
- Sun Solaris 7.0_x86
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
- Sun Solaris 7.0
- Sun Solaris 7.0
- Sun Solaris 2.6_x86
- Sun Solaris 2.6_x86
- Sun Solaris 2.6_x86
- Sun Solaris 2.6
- Sun Solaris 2.6
- Sun Solaris 2.6
- Sun Solaris 2.5_x86
- Sun Solaris 2.5_x86
- Sun Solaris 2.5_x86
- Sun Solaris 2.5
- Sun Solaris 2.5
- Sun Solaris 2.5
- Sun Solaris 2.4_x86
- Sun Solaris 2.4_x86
- Sun Solaris 2.4_x86
- Sun Solaris 2.4
- Sun Solaris 2.4
- Sun Solaris 2.4
- Sun Solaris 2.3
- Sun Solaris 2.3
- Sun Solaris 2.3
Sun AnswerBook2 1.3
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1 _ppc
- Sun Solaris 2.5.1 _ppc
- Sun Solaris 2.5.1 _ppc
- Sun Solaris 2.5.1
- Sun Solaris 2.5.1
- Sun Solaris 2.5.1
- Sun Solaris 8_x86
- Sun Solaris 8
- Sun Solaris 8
- Sun Solaris 8
- Sun Solaris 7.0_x86
- Sun Solaris 7.0_x86
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
- Sun Solaris 7.0
- Sun Solaris 7.0
- Sun Solaris 2.6_x86
- Sun Solaris 2.6_x86
- Sun Solaris 2.6_x86
- Sun Solaris 2.6
- Sun Solaris 2.6
- Sun Solaris 2.6
- Sun Solaris 2.5_x86
- Sun Solaris 2.5_x86
- Sun Solaris 2.5_x86
- Sun Solaris 2.5
- Sun Solaris 2.5
- Sun Solaris 2.5
- Sun Solaris 2.4_x86
- Sun Solaris 2.4_x86
- Sun Solaris 2.4_x86
- Sun Solaris 2.4
- Sun Solaris 2.4
- Sun Solaris 2.4
- Sun Solaris 2.3
- Sun Solaris 2.3
- Sun Solaris 2.3
Sun AnswerBook2 1.2
+ Sun Solaris 8_x86
+ Sun Solaris 8
+ Sun Solaris 7.0_x86
+ Sun Solaris 7.0
+ Sun Solaris 2.6_x86
+ Sun Solaris 2.6_sparc
+ Sun Solaris 2.6
The following proofs of concept are available:
For the cross-site scripting issue in the Answerbook2 search function:
http://www.example.com/ab2/Help_C/@Ab2HelpSearch?scope=HELP&DwebQuery=%3Cscript%3Ealert%28%22hello%22%
29%3C%2Fscript%3E&Search=+Search+
For the admin interface 'View Log Files' function:
http://www.example.com/ab2/@Ab2Admin?command=view_accessData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
07 May 2005 00:00Current
7High risk
Vulners AI Score7
CVSS 24.3
EPSS0.00442