{"enchantments": {"score": {"vector": "NONE", "value": 4.3}, "vulnersScore": 4.3}, "bulletinFamily": "software", "affectedSoftware": [{"name": "contenite", "operator": "eq", "version": "0.11"}], "references": [], "href": "https://vulners.com/osvdb/OSVDB:21832", "id": "OSVDB:21832", "title": "contenite home.php id Variable XSS", "history": [], "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "lastseen": "2017-04-28T13:20:18", "edition": 1, "hash": "ec1fd05078f3183c9c3da955004e884ea57810c28fa0b22f7bf9dc7683c3a6cf", "objectVersion": "1.2", "reporter": "r0t(krustevs@googlemail.com)", "description": "## Vulnerability Description\ncontenite contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the 'home.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\ncontenite contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the 'home.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Manual Testing Notes\n/home.php?id=[XSS]\n## References:\nVendor URL: http://contenite.de/\n[Secunia Advisory ID:18144](https://secuniaresearch.flexerasoftware.com/advisories/18144/)\nOther Advisory URL: http://pridels.blogspot.com/2005/12/contenite-xss-vuln.html\n[CVE-2005-4387](https://vulners.com/cve/CVE-2005-4387)\nBugtraq ID: 15942\n", "modified": "2005-12-17T10:18:26", "viewCount": 1, "published": "2005-12-17T10:18:26", "cvelist": ["CVE-2005-4387"], "hashmap": [{"key": "affectedSoftware", "hash": "8bfa32554751cb46223d4730776373f0"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "3bcdf66642a96333fc7b6049115d4636"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "e986028022a6b2cbb31263689c90e169"}, {"key": "href", "hash": "273014135b899a509c29f3e0bc0fd239"}, {"key": "modified", "hash": "6b896fb7f23d477eb77450a76c5d41dd"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "6b896fb7f23d477eb77450a76c5d41dd"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "03dc8b773aeffb68c06b0976b3061a22"}, {"key": "title", "hash": "4490cec6f4e5d4f42cc78607236d1821"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}]}

{"cve": [{"lastseen": "2016-09-03T06:10:44", "references": ["http://www.vupen.com/english/advisories/2005/2980", "http://pridels0.blogspot.com/2005/12/contenite-xss-vuln.html", "http://www.securityfocus.com/bid/15942"], "description": "Cross-site scripting (XSS) vulnerability in home.php in contenite 0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter.", "edition": 1, "reporter": "NVD", "published": "2005-12-19T21:03:00", "title": "CVE-2005-4387", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T06:10:44", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2005-4387"], "scanner": [], "cpe": ["cpe:/a:contenite:contenite:0.11"], "modified": "2011-03-07T21:28:11", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4387", "id": "CVE-2005-4387", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}