Lucene search

MitreCVE-2005-4012

HistoryDec 05, 2005 - 11:03 a.m.

CVE-2005-4012

2005-12-0511:03:00

mitre

web.nvd.nist.gov

cve-2005-4012

cross-site scripting

xss

php web statistik 1.4

web security

vulnerability

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

High

EPSS

0.029

Percentile

90.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via (1) the lastnumber parameter to stat.php and (2) the HTTP referer to pixel.php.

Affected configurations

Nvd

Node

php_webstatistikMatch1.4

VendorProductVersionCPE
php_webstatistik1.4cpe:2.3:a:php_web:statistik:1.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
php_web	statistik	1.4	cpe:2.3:a:php_web:statistik:1.4:::::::*

References

cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00325.html

freewebstat.com/changelog-english.html

secunia.com/advisories/17789

www.osvdb.org/21208

www.osvdb.org/21212

www.securityfocus.com/bid/15603

www.ush.it/2005/11/19/php-web-statistik/

www.vupen.com/english/advisories/2005/2645

exchange.xforce.ibmcloud.com/vulnerabilities/23379

exchange.xforce.ibmcloud.com/vulnerabilities/23385

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

High

EPSS

0.029

Percentile

90.8%

JSON

Related for CVE-2005-4012