CVE-2005-2467

Опубликовано: 31 дек. 2005

Источник: nvd

CVSS2: 5.8

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php.

Ссылки

http://lists.mysql.com/eventum-users/2072
Patch
http://marc.info/?l=bugtraq&m=112292193807958&w=2
http://secunia.com/advisories/16304
Patch
Vendor Advisory
http://securitytracker.com/id?1014603
Exploit
Patch
http://www.gulftech.org/?node=research&article_id=00093-07312005
Exploit
http://www.osvdb.org/18400
Exploit
http://www.osvdb.org/18401
Exploit
http://www.osvdb.org/18402
Exploit
http://www.securityfocus.com/bid/14436
Exploit
http://www.vupen.com/english/advisories/2005/1287
http://lists.mysql.com/eventum-users/2072
Patch
http://marc.info/?l=bugtraq&m=112292193807958&w=2
http://secunia.com/advisories/16304
Patch
Vendor Advisory
http://securitytracker.com/id?1014603
Exploit
Patch
http://www.gulftech.org/?node=research&article_id=00093-07312005
Exploit
http://www.osvdb.org/18400
Exploit
http://www.osvdb.org/18401
Exploit
http://www.osvdb.org/18402
Exploit
http://www.securityfocus.com/bid/14436
Exploit
http://www.vupen.com/english/advisories/2005/1287

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mysql:eventum:1.1:*:*:*:*:*:*:*

cpe:2.3:a:mysql:eventum:1.2:*:*:*:*:*:*:*

cpe:2.3:a:mysql:eventum:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:mysql:eventum:1.3:*:*:*:*:*:*:*

cpe:2.3:a:mysql:eventum:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:mysql:eventum:1.4:*:*:*:*:*:*:*

cpe:2.3:a:mysql:eventum:1.5.4:*:*:*:*:*:*:*

cpe:2.3:a:mysql:eventum:1.5.5:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.02047

Низкий

5.8 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-c69x-g4rf-5fp6

github

почти 4 года назад