CVE-2005-0930

Cross-site scripting (XSS) vulnerability in message.php in Chatness 2.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the user field or (2) the message parameter to message.php.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://securitytracker.com/id?1013604
http://www.persianhacker.net/news/news-2946.html
http://www.securityfocus.com/archive/1/394526
http://www.securityfocus.com/bid/12929	Exploit
http://securitytracker.com/id?1013604
http://www.persianhacker.net/news/news-2946.html
http://www.securityfocus.com/archive/1/394526
http://www.securityfocus.com/bid/12929	Exploit

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:chatness:chatness::::::::
	cpe:2.3:a:chatness:chatness:2.5.1:::::::*

History

20 Nov 2024, 23:56

Type	Values Removed	Values Added
References	~~() http://securitytracker.com/id?1013604 -~~	() http://securitytracker.com/id?1013604 -
References	~~() http://www.persianhacker.net/news/news-2946.html -~~	() http://www.persianhacker.net/news/news-2946.html -
References	~~() http://www.securityfocus.com/archive/1/394526 -~~	() http://www.securityfocus.com/archive/1/394526 -
References	~~() http://www.securityfocus.com/bid/12929 - Exploit~~	() http://www.securityfocus.com/bid/12929 - Exploit

Information

Published : 2005-05-02 04:00

Updated : 2025-04-03 01:03

NVD link : CVE-2005-0930

Mitre link : CVE-2005-0930

CVE.ORG link : CVE-2005-0930

JSON object : View

Products Affected

chatness

chatness

CWE

NVD-CWE-Other

{"id": "CVE-2005-0930", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-05-02T04:00:00.000", "references": [{"url": "http://securitytracker.com/id?1013604", "source": "cve@mitre.org"}, {"url": "http://www.persianhacker.net/news/news-2946.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/394526", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/12929", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1013604", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.persianhacker.net/news/news-2946.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/394526", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/12929", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in message.php in Chatness 2.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the user field or (2) the message parameter to message.php."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:chatness:chatness:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7678105-3705-4C2B-A443-8F3D24907CB4", "versionEndIncluding": "2.5"}, {"criteria": "cpe:2.3:a:chatness:chatness:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E972CF3-83E5-483C-B3A9-12FEB52CF8C2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

4.3 /10