CVE-2005-3866 - Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine 1.3.2 and earlier allows remote

CVE-2005-3866

Summary

Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine 1.3.2 and earlier allows remote attackers to inject arbitrary HTML and web script, possibly via the REQ parameter, which is used when performing a search.

References

http://pridels0.blogspot.com/2005/11/searchfeed-search-engine-xss-vuln.html
http://secunia.com/advisories/17715
http://www.osvdb.org/21144
http://www.securityfocus.com/bid/15612
http://www.vupen.com/english/advisories/2005/2609
https://exchange.xforce.ibmcloud.com/vulnerabilities/23348

Vulnerable Configurations

cpe:2.3:a:wwwsearchsolutions:searchfeed_search_engine:*:*:*:*:*:*:*:*
cpe:2.3:a:wwwsearchsolutions:searchfeed_search_engine:*:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 20-07-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	15612
misc	http://pridels0.blogspot.com/2005/11/searchfeed-search-engine-xss-vuln.html
osvdb	21144
secunia	17715
vupen	ADV-2005-2609
xf	searchfeed-search-xss(23348)

Last major update

20-07-2017 - 01:29

Published

29-11-2005 - 11:03

Last modified

20-07-2017 - 01:29