CVE-2005-2467
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
6 Medium
AI Score
Confidence
High
0.014 Low
EPSS
Percentile
86.6%
Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php.
Affected configurations
References
lists.mysql.com/eventum-users/2072
marc.info/?l=bugtraq&m=112292193807958&w=2
secunia.com/advisories/16304
securitytracker.com/id?1014603
www.gulftech.org/?node=research&article_id=00093-07312005
www.osvdb.org/18400
www.osvdb.org/18401
www.osvdb.org/18402
www.securityfocus.com/bid/14436
www.vupen.com/english/advisories/2005/1287
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
6 Medium
AI Score
Confidence
High
0.014 Low
EPSS
Percentile
86.6%