CVE-2005-3959

Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 rev37 allow remote attackers to inject arbitrary web script or HTML via the (1) site, (2) jsref, (3) jsres, and (4) jscolor parameters to pixel.php, which are not sanitized before being included in the logdb.html file, and (5) the search key to stat.php.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/17783	Vendor Advisory
http://securitytracker.com/id?1015301
http://www.freewebstat.com/changelog-english.html
http://www.osvdb.org/21207
http://www.securityfocus.com/archive/1/417902/100/0/threaded
http://www.securityfocus.com/bid/15601	Exploit
http://www.ush.it/2005/11/25/free-web-stat/	Exploit Vendor Advisory
http://www.vupen.com/english/advisories/2005/2646
https://exchange.xforce.ibmcloud.com/vulnerabilities/23387
https://exchange.xforce.ibmcloud.com/vulnerabilities/23391

Configurations

Configuration 1 (hide)

cpe:2.3:a:freewebstat:freewebstat:1.0_rev37:*:*:*:*:*:*:*

History

No history.

Information

Published : 2005-12-01 06:03

Updated : 2024-02-04 16:52

NVD link : CVE-2005-3959

Mitre link : CVE-2005-3959

CVE.ORG link : CVE-2005-3959

JSON object : View

Products Affected

freewebstat

freewebstat

CWE

NVD-CWE-Other

{"id": "CVE-2005-3959", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-12-01T06:03:00.000", "references": [{"url": "http://secunia.com/advisories/17783", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015301", "source": "cve@mitre.org"}, {"url": "http://www.freewebstat.com/changelog-english.html", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/21207", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/417902/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/15601", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.ush.it/2005/11/25/free-web-stat/", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2005/2646", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23387", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23391", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 rev37 allow remote attackers to inject arbitrary web script or HTML via the (1) site, (2) jsref, (3) jsres, and (4) jscolor parameters to pixel.php, which are not sanitized before being included in the logdb.html file, and (5) the search key to stat.php."}], "lastModified": "2018-10-19T15:39:37.907", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:freewebstat:freewebstat:1.0_rev37:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33E66E98-6A87-481E-ACEA-917AEEA2D26E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}