Lucene search

MitreCVE-2005-3834

HistoryNov 26, 2005 - 8:03 p.m.

CVE-2005-3834

2005-11-2620:03:00

mitre

web.nvd.nist.gov

cve

2005

3834

cross-site scripting

xss

vulnerability

search.php

tunez 1.21

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.008

Percentile

81.6%

JSON

Cross-site scripting (XSS) vulnerability in search.php in Tunez 1.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchFor parameter.

Affected configurations

Nvd

Node

tuneztunezMatch0.1

tuneztunezMatch0.2

tuneztunezMatch0.3

tuneztunezMatch0.4

tuneztunezMatch0.5

tuneztunezMatch0.5.5

tuneztunezMatch0.7

tuneztunezMatch0.9

tuneztunezMatch1.0.0

tuneztunezMatch1.1

tuneztunezMatch1.15

tuneztunezMatch1.20

tuneztunezMatch1.21

VendorProductVersionCPE
tuneztunez0.1cpe:2.3:a:tunez:tunez:0.1:*:*:*:*:*:*:*
tuneztunez0.2cpe:2.3:a:tunez:tunez:0.2:*:*:*:*:*:*:*
tuneztunez0.3cpe:2.3:a:tunez:tunez:0.3:*:*:*:*:*:*:*
tuneztunez0.4cpe:2.3:a:tunez:tunez:0.4:*:*:*:*:*:*:*
tuneztunez0.5cpe:2.3:a:tunez:tunez:0.5:*:*:*:*:*:*:*
tuneztunez0.5.5cpe:2.3:a:tunez:tunez:0.5.5:*:*:*:*:*:*:*
tuneztunez0.7cpe:2.3:a:tunez:tunez:0.7:*:*:*:*:*:*:*
tuneztunez0.9cpe:2.3:a:tunez:tunez:0.9:*:*:*:*:*:*:*
tuneztunez1.0.0cpe:2.3:a:tunez:tunez:1.0.0:*:*:*:*:*:*:*
tuneztunez1.1cpe:2.3:a:tunez:tunez:1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tunez	tunez	0.1	cpe:2.3:a:tunez:tunez:0.1:::::::*
tunez	tunez	0.2	cpe:2.3:a:tunez:tunez:0.2:::::::*
tunez	tunez	0.3	cpe:2.3:a:tunez:tunez:0.3:::::::*
tunez	tunez	0.4	cpe:2.3:a:tunez:tunez:0.4:::::::*
tunez	tunez	0.5	cpe:2.3:a:tunez:tunez:0.5:::::::*
tunez	tunez	0.5.5	cpe:2.3:a:tunez:tunez:0.5.5:::::::*
tunez	tunez	0.7	cpe:2.3:a:tunez:tunez:0.7:::::::*
tunez	tunez	0.9	cpe:2.3:a:tunez:tunez:0.9:::::::*
tunez	tunez	1.0.0	cpe:2.3:a:tunez:tunez:1.0.0:::::::*
tunez	tunez	1.1	cpe:2.3:a:tunez:tunez:1.1:::::::*

Rows per page:

1-10 of 131

References

pridels0.blogspot.com/2005/11/tunez-sql-and-xss-vuln.html

secunia.com/advisories/17692

www.osvdb.org/21063

www.securityfocus.com/bid/15548

www.vupen.com/english/advisories/2005/2556

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.008

Percentile

81.6%

JSON

Related for CVE-2005-3834