CVE-2005-3436

Cross-site scripting (XSS) vulnerability in Nuked-Klan 1.7 allows remote attackers to inject arbitrary web script or HTML via the (1) Search module, (2) certain edit fields in Guestbook, (3) the title in the Forum module, and (4) Textbox.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://marc.info/?l=bugtraq&m=112991421210577&w=2
http://secunia.com/advisories/17304/	Patch Vendor Advisory
http://securityreason.com/securityalert/104
http://www.securityfocus.com/bid/15166
http://www.vupen.com/english/advisories/2005/2189
https://exchange.xforce.ibmcloud.com/vulnerabilities/22873

Configurations

Configuration 1 (hide)

cpe:2.3:a:nuked-klan:nuked-klan:1.7:*:*:*:*:*:*:*

History

No history.

Information

Published : 2005-11-02 11:02

Updated : 2024-02-04 16:52

NVD link : CVE-2005-3436

Mitre link : CVE-2005-3436

CVE.ORG link : CVE-2005-3436

JSON object : View

Products Affected

nuked-klan

nuked-klan

CWE

NVD-CWE-Other

4.3 /10