Lucene search

[email protected]NVD:CVE-2005-1444

HistoryMay 03, 2005 - 4:00 a.m.

CVE-2005-1444

2005-05-0304:00:00

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.8

Confidence

High

EPSS

0.037

Percentile

91.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to inject arbitrary web script or HTML via (1) the v, show, or sec_name parameters to main.php, (2) the inadmin, newsev, or postid parameters to 5.php, or (3) the id parameter to 0.php.

Affected configurations

Nvd

Node

sitepanelsitepanelRange≤2.6.1

VendorProductVersionCPE
sitepanelsitepanel*cpe:2.3:a:sitepanel:sitepanel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sitepanel	sitepanel	*	cpe:2.3:a:sitepanel:sitepanel::::::::

References

forum.sitepanel2.com/index.php?showtopic=271

secunia.com/advisories/15213

www.gulftech.org/?node=research&article_id=00072-05032005

www.osvdb.org/16262

www.osvdb.org/16263

www.osvdb.org/16264

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.8

Confidence

High

EPSS

0.037

Percentile

91.9%

JSON

Related for NVD:CVE-2005-1444

cvelist1 cve1