CyberSec.Space Logo
Back to CVE Browser

CVE-2005-4574

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.1270%
EPSS Percentile11.58th
PublishedDec 29, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

Cross-site scripting (XSS) vulnerability in loader.cfm in PaperThin CommonSpot Content Server 4.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the bNewWindow parameter.

Affected Platforms (CPE)

πŸ“¦
Paperthin

Commonspot Content Server

<= 4.5
πŸ“¦
Paperthin

Commonspot Content Server

= 2.5
πŸ“¦
Paperthin

Commonspot Content Server

= 3.0
πŸ“¦
Paperthin

Commonspot Content Server

= 3.2
πŸ“¦
Paperthin

Commonspot Content Server

= 4.0

References & Advisories

πŸ”— http://pridels0.blogspot.com/2005/12/commonspot-content-server-vuln.html
πŸ”— http://secunia.com/advisories/18257
πŸ”— http://www.osvdb.org/21931
πŸ”— http://www.securityfocus.com/bid/16071
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/23864
πŸ”— http://pridels0.blogspot.com/2005/12/commonspot-content-server-vuln.html
πŸ”— http://secunia.com/advisories/18257
πŸ”— http://www.osvdb.org/21931

Related Vulnerabilities

CVE-2005-45755.0

PaperThin CommonSpot Content Server 4.5 and earlier allow remote attackers to obtain sensitive information via an invalid errmsg p...

CVE-2010-04684.3

Cross-site scripting (XSS) vulnerability in utilities/longproc.cfm in PaperThin CommonSpot Content Server allows remote attackers ...

CVE-2005-266910.0

Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote at...

CVE-2005-051910.0

ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read arbitrary files by uploading a ZIP file containing a shortcut (...