Vulnerability Name:

CVE-2005-4434 (CCN-23830)

Assigned: 2005-12-20
Published: 2005-12-20
Updated: 2017-07-20
Summary: Cross-site scripting (XSS) vulnerability in AbleDesign ReSearch 2.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Note: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS v3 Severity: 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References: Source: CCN
Type: AbleDesign - ReSearch
Overview - Searchable Race Results

Source: MITRE
Type: CNA
CVE-2005-4434

Source: CCN
Type: SA18122
AbleDesign ReSearch Cross-Site Scripting Vulnerability

Source: SECUNIA
Type: Vendor Advisory
18122

Source: OSVDB
Type: UNKNOWN
21986

Source: CCN
Type: OSVDB ID: 21986
AbleDesign ReSearch Search Module Parameter XSS

Source: BID
Type: UNKNOWN
15988

Source: CCN
Type: BID-15988
AbleDesign ReSearch Search Cross-Site Scripting Vulnerability

Source: XF
Type: UNKNOWN
abledesign-research-xss(23830)

Vulnerable Configuration: Configuration 1:
  • cpe:/a:abledesign:abledesign:2.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:113528 | P | tkdiff-4.2-10.2 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:106924 | P | tkdiff-4.2-10.2 on GA media (Moderate) | 2021-10-01