4.3

CVE-2004-1318

Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab ("%09") character, which prevents the rest of the query from being properly sanitized.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NamazuNamazu Version2.0.7
NamazuNamazu Version2.0.8
NamazuNamazu Version2.0.13
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.88% 0.768
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.novell.com/linux/security/advisories/2005_01_sr.html
http://jvn.jp/jp/JVN%23904429FE.html
Vendor Advisory
http://secunia.com/advisories/13600
http://securitytracker.com/alerts/2005/Jan/1012802.html
http://securitytracker.com/alerts/2005/Jan/1012805.html
http://www.debian.org/security/2005/dsa-627
Vendor Advisory
http://www.linuxsecurity.com/content/view/117604/102/
http://www.namazu.org/security.html.en#xss-tab
Patch
Vendor Advisory
http://www.osvdb.org/12516
http://www.securityfocus.com/advisories/9028
http://www.securityfocus.com/bid/12053
https://exchange.xforce.ibmcloud.com/vulnerabilities/18623