Lucene search

MitreCVE-2005-1676

HistoryMay 25, 2005 - 4:00 a.m.

CVE-2005-1676

2005-05-2504:00:00

mitre

web.nvd.nist.gov

cve-2005-1676

cross-site scripting

xss

groove mobile workspace

groove virtual office

sharepoint

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.8

Confidence

High

EPSS

0.005

Percentile

77.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile Workspace in Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 allow remote attackers to inject arbitrary web script or HTML via the (1) picture columns embedded within SharePoint lists or (2) drop-down menus in a SharePoint list.

Affected configurations

Nvd

Node

groovegroove_workspaceRange≤2.5n_build_1871

groovevirtual_officeRange≤3.1_build_2338

groovevirtual_officeRange≤3.1a_build_2364

VendorProductVersionCPE
groovegroove_workspace*cpe:2.3:a:groove:groove_workspace:*:*:*:*:*:*:*:*
groovevirtual_office*cpe:2.3:a:groove:virtual_office:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
groove	groove_workspace	*	cpe:2.3:a:groove:groove_workspace::::::::
groove	virtual_office	*	cpe:2.3:a:groove:virtual_office::::::::

References

secunia.com/advisories/15421

www.kb.cert.org/vuls/id/372618

www.kb.cert.org/vuls/id/514386

www.kb.cert.org/vuls/id/JGEI-6BCRCC

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.8

Confidence

High

EPSS

0.005

Percentile

77.3%

JSON

Related for CVE-2005-1676