Lucene search

MitreCVE-2005-3200

HistoryOct 14, 2005 - 10:02 a.m.

CVE-2005-3200

2005-10-1410:02:00

mitre

web.nvd.nist.gov

cve-2005-3200

cross-site scripting

xss

utopia news pro

unp

remote attackers

web script injection

html injection

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.011

Percentile

85.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro (UNP) 1.1.3 and 1.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the sitetitle parameter in header.php and (2) the version and (3) query_count parameters in footer.php.

Affected configurations

Nvd

Node

utopia_softwareutopia_news_proMatch1.1.3

utopia_softwareutopia_news_proMatch1.1.4

VendorProductVersionCPE
utopia_softwareutopia_news_pro1.1.3cpe:2.3:a:utopia_software:utopia_news_pro:1.1.3:*:*:*:*:*:*:*
utopia_softwareutopia_news_pro1.1.4cpe:2.3:a:utopia_software:utopia_news_pro:1.1.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
utopia_software	utopia_news_pro	1.1.3	cpe:2.3:a:utopia_software:utopia_news_pro:1.1.3:::::::*
utopia_software	utopia_news_pro	1.1.4	cpe:2.3:a:utopia_software:utopia_news_pro:1.1.4:::::::*

References

marc.info/?l=bugtraq&m=112872691119874&w=2

rgod.altervista.org/utopia113.html

secunia.com/advisories/17115/

securitytracker.com/id?1015016

www.osvdb.org/19940

www.osvdb.org/19941

www.securityfocus.com/bid/15027

www.utopiasoftware.net/

exchange.xforce.ibmcloud.com/vulnerabilities/22554

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.011

Percentile

85.0%

JSON

Related for CVE-2005-3200