CVE-2005-4284

2005-12-1611:00:00

mitre

www.cve.org

AI Score

5.9

Confidence

High

EPSS

0.006

Percentile

78.3%

JSON

Cross-site scripting (XSS) vulnerability in StaticStore Search Engine 1.189A and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to search.cgi, possibly the keywords parameter. NOTE: this issue was originally disputed by the vendor, but it has since been acknowledged.

References

pridels0.blogspot.com/2005/12/staticstore-search-engine-friendly-e.html

secunia.com/advisories/18037

www.osvdb.org/21714

www.osvdb.org/22032

www.securityfocus.com/bid/15895

www.vupen.com/english/advisories/2005/2915