Lucene search

[email protected]NVD:CVE-2005-4294

HistoryDec 16, 2005 - 11:03 a.m.

CVE-2005-4294

2005-12-1611:03:00

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.004

Percentile

74.7%

JSON

Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the username in the login page.

Affected configurations

Nvd

Node

alkaconopencmsRange≤6.0.2

alkaconopencmsMatch6.0.0

VendorProductVersionCPE
alkaconopencms*cpe:2.3:a:alkacon:opencms:*:*:*:*:*:*:*:*
alkaconopencms6.0.0cpe:2.3:a:alkacon:opencms:6.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
alkacon	opencms	*	cpe:2.3:a:alkacon:opencms::::::::
alkacon	opencms	6.0.0	cpe:2.3:a:alkacon:opencms:6.0.0:::::::*

References

archives.neohapsis.com/archives/fulldisclosure/2005-12/0640.html

secunia.com/advisories/18046

securitytracker.com/id?1015365

www.opencms.org/opencms/en/download/opencms.html

www.scip.ch/cgi-bin/smss/showadvf.pl?id=1910

www.securityfocus.com/bid/15882

www.vupen.com/english/advisories/2005/2923

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.004

Percentile

74.7%

JSON

Related for NVD:CVE-2005-4294

cve1 cvelist1