Lucene search

[email protected]CVE-2005-2588

HistoryAug 17, 2005 - 4:00 a.m.

CVE-2005-2588

2005-08-1704:00:00

[email protected]

web.nvd.nist.gov

vulnerability

xss

dvbbs 7.1

remote attackers

web script

html

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter to dispbbs.asp, (2) name parameter to dispuser.asp, or the (3) title, (4) view, or (5) act parameter to boardhelp.asp.

Affected configurations

NVD

Node

dvbbsdvbbsMatch7.1

dvbbsdvbbsMatch7.1_sp2

CPENameOperatorVersion
dvbbs:dvbbsdvbbseq7.1
dvbbs:dvbbsdvbbseq7.1_sp2

CPE	Name	Operator	Version
dvbbs:dvbbs	dvbbs	eq	7.1
dvbbs:dvbbs	dvbbs	eq	7.1_sp2

References

lostmon.blogspot.com/2005/08/dvbbs-multiple-variable-cross-site.html

secunia.com/advisories/16131

securitytracker.com/id?1014632

www.osvdb.org/18512

www.securityfocus.com/bid/14498

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.0%

JSON

Related for CVE-2005-2588

cvelist1 nvd1