Lucene search

[email protected]NVD:CVE-2005-3973

HistoryDec 03, 2005 - 7:03 p.m.

CVE-2005-3973

2005-12-0319:03:00

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allow remote attackers to inject arbitrary web script or HTML via various HTML tags and values, such as the (1) legend tag and the value parameter used in (2) label and (3) input tags, possibly due to an incomplete blacklist.

Affected configurations

NVD

Node

drupaldrupalMatch4.5.0

drupaldrupalMatch4.5.1

drupaldrupalMatch4.5.2

drupaldrupalMatch4.5.3

drupaldrupalMatch4.5.4

drupaldrupalMatch4.5.5

drupaldrupalMatch4.6.0

drupaldrupalMatch4.6.1

drupaldrupalMatch4.6.2

drupaldrupalMatch4.6.3

References

drupal.org/files/sa-2005-007/4.6.3.patch

drupal.org/files/sa-2005-007/advisory.txt

secunia.com/advisories/17824

secunia.com/advisories/18630

www.debian.org/security/2006/dsa-958

www.securityfocus.com/archive/1/418292/100/0/threaded

www.securityfocus.com/bid/15677

www.vupen.com/english/advisories/2005/2684

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.6%

JSON

Related for NVD:CVE-2005-3973

cvelist1 ubuntucve1 cve1 debian2 openvas4 osv1 nessus1