CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2005-0407

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.0380%
EPSS Percentile36.34th
Published2005年5月2日
Last Modified2026年4月16日

Vulnerability Description

Cross-site scripting (XSS) vulnerability in Openconf 1.04, and possibly other versions before 1.10, allows remote attackers to inject arbitrary HTML and web script via the paper title.

Affected Platforms (CPE)

📦
Zakon Group

Openconf

= 1.0
📦
Zakon Group

Openconf

= 1.0_beta1
📦
Zakon Group

Openconf

= 1.0_beta2
📦
Zakon Group

Openconf

= 1.0_rc1
📦
Zakon Group

Openconf

= 1.0_rc2
📦
Zakon Group

Openconf

= 1.01
📦
Zakon Group

Openconf

= 1.02
📦
Zakon Group

Openconf

= 1.03
📦
Zakon Group

Openconf

= 1.04

References & Advisories

🔗 http://seclists.org/lists/fulldisclosure/2005/Feb/0347.html
🔗 http://secunia.com/advisories/14294
🔗 http://www.redteam-pentesting.de/advisories/rt-sa-2005-007.txt
🔗 http://www.securityfocus.com/bid/12554
🔗 http://seclists.org/lists/fulldisclosure/2005/Feb/0347.html
🔗 http://secunia.com/advisories/14294
🔗 http://www.redteam-pentesting.de/advisories/rt-sa-2005-007.txt
🔗 http://www.securityfocus.com/bid/12554

相關漏洞威脅

CVE-2012-100210.0

SQL injection vulnerability in author/edit.php in OpenConf 4.x before 4.12 allows remote attackers to execute arbitrary SQL comman...

CVE-2005-063610.0

Format string vulnerability in Foxmail Server 2.0 allows remote attackers to cause a denial of service (crash) and possibly execut...

CVE-2005-089210.0

Buffer overflow in smail 3.2.0.120 allows remote attackers or local users to execute arbitrary code via a long string in the MAIL ...

CVE-2005-070810.0

The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncat...