Lucene search

MitreCVE-2005-4294

HistoryDec 16, 2005 - 11:03 a.m.

CVE-2005-4294

2005-12-1611:03:00

mitre

web.nvd.nist.gov

cve

2005

4294

xss

vulnerability

alkacon

opencms

web script

html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.004

Percentile

74.7%

JSON

Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the username in the login page.

Affected configurations

Nvd

Node

alkaconopencmsRange≤6.0.2

alkaconopencmsMatch6.0.0

VendorProductVersionCPE
alkaconopencms*cpe:2.3:a:alkacon:opencms:*:*:*:*:*:*:*:*
alkaconopencms6.0.0cpe:2.3:a:alkacon:opencms:6.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
alkacon	opencms	*	cpe:2.3:a:alkacon:opencms::::::::
alkacon	opencms	6.0.0	cpe:2.3:a:alkacon:opencms:6.0.0:::::::*

References

archives.neohapsis.com/archives/fulldisclosure/2005-12/0640.html

secunia.com/advisories/18046

securitytracker.com/id?1015365

www.opencms.org/opencms/en/download/opencms.html

www.scip.ch/cgi-bin/smss/showadvf.pl?id=1910

www.securityfocus.com/bid/15882

www.vupen.com/english/advisories/2005/2923

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.004

Percentile

74.7%

JSON

Related for CVE-2005-4294