CyberSec.Space Logo
CVEブラウザに戻る

CVE-2005-0407

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.0380%
EPSS Percentile36.34th
Published2005年5月2日
Last Modified2026年4月16日

Vulnerability Description

Cross-site scripting (XSS) vulnerability in Openconf 1.04, and possibly other versions before 1.10, allows remote attackers to inject arbitrary HTML and web script via the paper title.

Affected Platforms (CPE)

📦
Zakon Group

Openconf

= 1.0
📦
Zakon Group

Openconf

= 1.0_beta1
📦
Zakon Group

Openconf

= 1.0_beta2
📦
Zakon Group

Openconf

= 1.0_rc1
📦
Zakon Group

Openconf

= 1.0_rc2
📦
Zakon Group

Openconf

= 1.01
📦
Zakon Group

Openconf

= 1.02
📦
Zakon Group

Openconf

= 1.03
📦
Zakon Group

Openconf

= 1.04

References & Advisories

🔗 http://seclists.org/lists/fulldisclosure/2005/Feb/0347.html
🔗 http://secunia.com/advisories/14294
🔗 http://www.redteam-pentesting.de/advisories/rt-sa-2005-007.txt
🔗 http://www.securityfocus.com/bid/12554
🔗 http://seclists.org/lists/fulldisclosure/2005/Feb/0347.html
🔗 http://secunia.com/advisories/14294
🔗 http://www.redteam-pentesting.de/advisories/rt-sa-2005-007.txt
🔗 http://www.securityfocus.com/bid/12554

関連する脆弱性情報

CVE-2012-100210.0

SQL injection vulnerability in author/edit.php in OpenConf 4.x before 4.12 allows remote attackers to execute arbitrary SQL comman...

CVE-2005-266810.0

Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before...

CVE-2005-266910.0

Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote at...

CVE-2005-129910.0

The inserter.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.