CVE-2005-0085
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
5.7 Medium
AI Score
Confidence
High
0.023 Low
EPSS
Percentile
89.8%
Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.
Affected configurations
References
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.46/SCOSA-2005.46.txt
secunia.com/advisories/14255
secunia.com/advisories/14276
secunia.com/advisories/14303
secunia.com/advisories/14795
secunia.com/advisories/15007
secunia.com/advisories/17414
secunia.com/advisories/17415
securitytracker.com/id?1013078
www.debian.org/security/2005/dsa-680
www.gentoo.org/security/en/glsa/glsa-200502-16.xml
www.mandriva.com/security/advisories?name=MDKSA-2005:063
www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00002.html
www.redhat.com/support/errata/RHSA-2005-073.html
www.redhat.com/support/errata/RHSA-2005-090.html
www.securityfocus.com/bid/12442
exchange.xforce.ibmcloud.com/vulnerabilities/19223
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10878
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
5.7 Medium
AI Score
Confidence
High
0.023 Low
EPSS
Percentile
89.8%