CVE-2005-2467

2006-06-0620:03:00

mitre

www.cve.org

5.8 Medium

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php.

References

lists.mysql.com/eventum-users/2072

marc.info/?l=bugtraq&m=112292193807958&w=2

secunia.com/advisories/16304

securitytracker.com/id?1014603

www.gulftech.org/?node=research&article_id=00093-07312005

www.osvdb.org/18400

www.osvdb.org/18401

www.osvdb.org/18402

www.securityfocus.com/bid/14436

www.vupen.com/english/advisories/2005/1287