1. CVE-Search
  2. CVE-2005-4305
ID CVE-2005-4305
Summary Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page.
References
Vulnerable Configurations
  • cpe:2.3:a:edgewall_software:trac:0.9:*:*:*:*:*:*:*
    cpe:2.3:a:edgewall_software:trac:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:edgewall_software:trac:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:edgewall_software:trac:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:edgewall_software:trac:0.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:edgewall_software:trac:0.9.2:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 20-07-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 16386
confirm http://projects.edgewall.com/trac/wiki/ChangeLog
gentoo GLSA-200601-12
sectrack 1015363
secunia
  • 18048
  • 18625
vupen ADV-2005-2936
xf trac-url-path-xss(23775)
Last major update 20-07-2017 - 01:29
Published 17-12-2005 - 00:03
Last modified 20-07-2017 - 01:29
Back to Top