Vulnerability CVE-2005-4322

Vulnerability Name:

CVE-2005-4322 (CCN-23197)

Assigned:

2005-11-18

Published:

2005-11-18

Updated:

2017-07-20

Summary:

Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupmax Collaboration Portal 07-00 through 07-10-/B, and Groupmax Collaboration Web Client 07-00 through 07-10-/A allow remote attackers to inject arbitrary web script or HTML via the (1) Schedule and (2) Calendar components.

CVSS v3 Severity:

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2005-4322

Source: CCN
Type: SA17634
Hitachi Products Cross-Site Scripting and Denial of Service

Source: SECUNIA
Type: Patch, Vendor Advisory
17634

Source: SECTRACK
Type: Patch
1015241

Source: SECTRACK
Type: Patch
1015242

Source: CCN
Type: SECTRACK ID: 1015241
Cosminexus Collaboration Suite Bugs Let Remote Users Conduct Cross-Site Scripting and Remote Denial of Service Attacks

Source: CCN
Type: SECTRACK ID: 1015242
Groupmax Collaboration Suite Bugs Let Remote Users Conduct Cross-Site Scripting and Remote Denial of Service Attacks

Source: CCN
Type: Hitachi Support Software Vulnerability Information HS05-023-01
Cross-site Scripting and DoS Vulnerabilities in Groupmax Collaboration and Cosminexus Collaboration

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.hitachi-support.com/security_e/vuls_e/HS05-023_e/01-e.html

Source: OSVDB
Type: UNKNOWN
20969

Source: OSVDB
Type: UNKNOWN
22126

Source: CCN
Type: OSVDB ID: 20969
Hitachi Groupmax Collaboration Unspecified XSS

Source: CCN
Type: OSVDB ID: 22126
Hitachi Cosminexus Collaboration Unspecified XSS

Source: BID
Type: UNKNOWN
15498

Source: CCN
Type: BID-15498
Hitachi Products Multiple Cross-Site Scripting Vulnerabilities

Source: XF
Type: UNKNOWN
hitachi-groupmax-multiple-xss(23197)

Source: XF
Type: UNKNOWN
hitachi-groupmax-multiple-xss(23197)

Vulnerable Configuration:

Configuration 1:

cpe:/a:hitachi:cosminexus_collaboration_portal:06_00:*:*:*:*:*:*:*

OR cpe:/a:hitachi:cosminexus_collaboration_portal:*:*:*:*:*:*:*:* (Version <= 06_10_b)

OR cpe:/a:hitachi:groupmax_collaboration_portal:07_00:*:*:*:*:*:*:*

OR cpe:/a:hitachi:groupmax_collaboration_portal:*:*:*:*:*:*:*:* (Version <= 07_10_b)

OR cpe:/a:hitachi:groupmax_collaboration_web_client:07_00:*:*:*:*:*:*:*

OR cpe:/a:hitachi:groupmax_collaboration_web_client:*:*:*:*:*:*:*:* (Version <= 07_10_a)

Denotes that component is vulnerable

BACK