Lucene search

MitreCVE-2005-2488

HistoryAug 07, 2005 - 4:00 a.m.

CVE-2005-2488

2005-08-0704:00:00

mitre

web.nvd.nist.gov

cve-2005-2488

xss

web content management

news system

vulnerability

remote attack

html

script

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.009

Percentile

82.7%

JSON

Cross-site scripting (XSS) vulnerability in Web Content Management News System allows remote attackers to inject arbitrary web script or HTML via (1) the strRootpath parameter to validsession.php or (2) the strTable parameter to Admin/News/List.php.

Affected configurations

Nvd

Node

web_content_managementweb_content_management_news_system

VendorProductVersionCPE
web_content_managementweb_content_management_news_system*cpe:2.3:a:web_content_management:web_content_management_news_system:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
web_content_management	web_content_management_news_system	*	cpe:2.3:a:web_content_management:web_content_management_news_system::::::::

References

secunia.com/advisories/16317

securitytracker.com/id?1014616

www.rgod.altervista.org/webc.html

www.securityfocus.com/bid/14464

exchange.xforce.ibmcloud.com/vulnerabilities/21689

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.009

Percentile

82.7%

JSON

Related for CVE-2005-2488