CVE-2005-2488

{"id": "CVE-2005-2488", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-08-07T04:00:00.000", "references": [{"url": "http://secunia.com/advisories/16317", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1014616", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.rgod.altervista.org/webc.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/14464", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21689", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/16317", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1014616", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.rgod.altervista.org/webc.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/14464", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21689", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Web Content Management News System allows remote attackers to inject arbitrary web script or HTML via (1) the strRootpath parameter to validsession.php or (2) the strTable parameter to Admin/News/List.php."}, {"lang": "es", "value": "Vulnerabilidad de scritps en sitios cruzados (XSS) en Web Content Management News System permite a atacantes remotos inyectar script web arbitrario o HTML mediante \r\n\r\nel par\u00e1metro strRootpath de validsession.php o\r\nel par\u00e1metro strTable de Admin/News/List.php"}], "lastModified": "2024-11-20T23:59:40.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:web_content_management:web_content_management_news_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97C33549-F03B-4F35-A520-6EE57133F8C1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}