CVE-2005-2861 - Cross-site scripting (XSS) vulnerability in N-Stealth Commercial Edition before 5.8.0.38 and Free Ed

CVE-2005-2861

Summary

Cross-site scripting (XSS) vulnerability in N-Stealth Commercial Edition before 5.8.0.38 and Free Edition before 5.8.1.03 allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report.

References

Vulnerable Configurations

cpe:2.3:a:n-stalker:n-stealth:commercial_5.8:*:*:*:*:*:*:*
cpe:2.3:a:n-stalker:n-stealth:commercial_5.8:*:*:*:*:*:*:*
cpe:2.3:a:n-stalker:n-stealth:free_5.8:*:*:*:*:*:*:*
cpe:2.3:a:n-stalker:n-stealth:free_5.8:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 05-09-2008 - 20:52)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	14717
misc	http://www.cybsec.com/vuln/010905-multiple_webscanner_script_injection.pdf
vulnwatch	20050901 CYBSEC - Multiple Vendor Web Vulnerability Scanner Arbitrary Script Injection Vulnerability

Last major update

05-09-2008 - 20:52

Published

08-09-2005 - 10:03

Last modified

05-09-2008 - 20:52