Vulnerability Name:

CVE-2005-2467 (CCN-21638)

Assigned:2005-08-01
Published:2005-08-01
Updated:2016-10-18
Summary:Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php.
CVSS v3 Severity:4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2005-2467

Source: CCN
Type: MySQL Download Web page
Select a Mirror

Source: CONFIRM
Type: Patch
http://lists.mysql.com/eventum-users/2072

Source: BUGTRAQ
Type: UNKNOWN
20050731 MySQL Eventum Multiple Vulnerabilities

Source: CCN
Type: SA16304
MySQL Eventum Cross-Site Scripting and SQL Injection

Source: SECUNIA
Type: Patch, Vendor Advisory
16304

Source: CCN
Type: SECTRACK ID: 1014603
MySQL Eventum Input Validation Hole in `class.auth.php` Permits SQL Injection and Other Input Validation Bugs Permit Cross-Site Scripting Attacks

Source: SECTRACK
Type: Exploit, Patch
1014603

Source: CCN
Type: GulfTech Research and Development
MySQL Eventum Multiple Vulnerabilities

Source: MISC
Type: Exploit
http://www.gulftech.org/?node=research&article_id=00093-07312005

Source: OSVDB
Type: Exploit
18400

Source: OSVDB
Type: Exploit
18401

Source: OSVDB
Type: Exploit
18402

Source: CCN
Type: OSVDB ID: 18400
MySQL Eventum view.php id Parameter XSS

Source: CCN
Type: OSVDB ID: 18401
MySQL Eventum list.php release Parameter XSS

Source: CCN
Type: OSVDB ID: 18402
MySQL Eventum get_jsrs_data.php F Parameter XSS

Source: BID
Type: Exploit
14436

Source: CCN
Type: BID-14436
MySQL Eventum Multiple Cross-Site Scripting Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2005-1287

Source: XF
Type: UNKNOWN
eventum-multiple-scripts-xss(21638)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mysql:eventum:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:mysql:eventum:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:mysql:eventum:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:mysql:eventum:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:mysql:eventum:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:mysql:eventum:1.4:*:*:*:*:*:*:*
  • OR cpe:/a:mysql:eventum:1.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:mysql:eventum:1.5.5:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:mysql:eventum:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:mysql:eventum:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:mysql:eventum:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:mysql:eventum:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:mysql:eventum:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:mysql:eventum:1.4:*:*:*:*:*:*:*
  • OR cpe:/a:mysql:eventum:1.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:mysql:eventum:1.5.5:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    mysql eventum 1.1
    mysql eventum 1.2
    mysql eventum 1.2.2
    mysql eventum 1.3
    mysql eventum 1.3.1
    mysql eventum 1.4
    mysql eventum 1.5.4
    mysql eventum 1.5.5