Lucene search

[email protected]NVD:CVE-2005-2674

HistoryAug 23, 2005 - 4:00 a.m.

CVE-2005-2674

2005-08-2304:00:00

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.003

Percentile

71.1%

JSON

Note: the vendor has disputed this issue. Multiple cross-site scripting (XSS) vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to inject arbitrary web script or HTML via the (1) c or (2) m parameters to index.php or (3) w parameter to journal.php. NOTE: this issue has been disputed by the vendor, who says "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected.

Affected configurations

Nvd

Node

neocromeland_down_underMatch800

VendorProductVersionCPE
neocromeland_down_under800cpe:2.3:a:neocrome:land_down_under:800:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
neocrome	land_down_under	800	cpe:2.3:a:neocrome:land_down_under:800:::::::*

References

marc.info/?l=bugtraq&m=112456235729717&w=2

securitytracker.com/id?1014747

www.neocrome.net

www.securityfocus.com/bid/14619

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.003

Percentile

71.1%

JSON

Related for NVD:CVE-2005-2674

exploitdb2 cvelist1 cve1 nessus2 openvas3