CVE-2005-4393 - OpenCVE

Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) obcatid and (2) comid parameters.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
E-publish	E-publish

Configuration 1 [-]

cpe:2.3:a:e-publish:e-publish:*:*:*:*:*:*:*:*

References

Link	Resource
http://pridels0.blogspot.com/2005/12/e-publish-cms-vuln.html
http://secunia.com/advisories/18140
http://www.osvdb.org/21882
http://www.securityfocus.com/bid/15964
http://www.vupen.com/english/advisories/2005/2983
https://exchange.xforce.ibmcloud.com/vulnerabilities/23828

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-12-20T11:00:00

Updated: 2017-07-19T15:57:01

Reserved: 2005-12-20T00:00:00

Link: CVE-2005-4393

JSON object: View

NVD Information

Status : Modified

Published: 2005-12-20T11:03:00.000

Modified: 2017-07-20T01:29:14.737

Link: CVE-2005-4393

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-12-18T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) obcatid and (2) comid parameters."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "18140", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18140"}, {"name": "ADV-2005-2983", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2005/2983"}, {"name": "epublish-multiple-parmeters-xss(23828)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23828"}, {"name": "21882", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/21882"}, {"tags": ["x_refsource_MISC"], "url": "http://pridels0.blogspot.com/2005/12/e-publish-cms-vuln.html"}, {"name": "15964", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15964"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4393", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) obcatid and (2) comid parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "18140", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18140"}, {"name": "ADV-2005-2983", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2983"}, {"name": "epublish-multiple-parmeters-xss(23828)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23828"}, {"name": "21882", "refsource": "OSVDB", "url": "http://www.osvdb.org/21882"}, {"name": "http://pridels0.blogspot.com/2005/12/e-publish-cms-vuln.html", "refsource": "MISC", "url": "http://pridels0.blogspot.com/2005/12/e-publish-cms-vuln.html"}, {"name": "15964", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15964"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4393", "datePublished": "2005-12-20T11:00:00", "dateReserved": "2005-12-20T00:00:00", "dateUpdated": "2017-07-19T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}