6.8
CVE-2005-3202
- EPSS 10.98%
- Veröffentlicht 14.10.2005 10:02:00
- Zuletzt bearbeitet 16.06.2026 22:16:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 allow remote attackers to inject arbitrary web script or HTML, and subsequently execute SQL statements via the (1) p or (2) p_t02 parameters.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.98% | 0.953 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0173.html
http://marc.info/?l=bugtraq&m=112870398418456&w=2
http://secunia.com/advisories/14935/
http://securityreason.com/securityalert/62
http://www.osvdb.org/20051
http://www.osvdb.org/20052
http://www.red-database-security.com/advisory/oracle_htmldb_css.html
http://www.securityfocus.com/bid/15031
https://exchange.xforce.ibmcloud.com/vulnerabilities/22540