Lucene search

MitreCVE-2005-4284

HistoryDec 16, 2005 - 11:03 a.m.

CVE-2005-4284

2005-12-1611:03:00

mitre

web.nvd.nist.gov

cve-2005-4284

cross-site scripting

xss vulnerability

staticstore search engine

search engine

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

High

EPSS

0.006

Percentile

78.3%

JSON

Cross-site scripting (XSS) vulnerability in StaticStore Search Engine 1.189A and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to search.cgi, possibly the keywords parameter. NOTE: this issue was originally disputed by the vendor, but it has since been acknowledged.

Affected configurations

Nvd

Node

static_storestaticstoreRange≤1.189a

VendorProductVersionCPE
static_storestaticstore*cpe:2.3:a:static_store:staticstore:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
static_store	staticstore	*	cpe:2.3:a:static_store:staticstore::::::::

References

pridels0.blogspot.com/2005/12/staticstore-search-engine-friendly-e.html

secunia.com/advisories/18037

www.osvdb.org/21714

www.osvdb.org/22032

www.securityfocus.com/bid/15895

www.vupen.com/english/advisories/2005/2915

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

High

EPSS

0.006

Percentile

78.3%

JSON

Related for CVE-2005-4284