CVE-2005-2981 — MEDIUM (4.3)

Vulnerability Description

Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error page.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Orionserver	Orion Application Server	1.3.8

Related Weaknesses (CWE)

CWE-79

References

http://marc.info/?l=bugtraq&m=112680922318639&w=2Third Party Advisory
http://marc.info/?l=bugtraq&m=112680922318639&w=2Third Party Advisory

FAQ

What is CVE-2005-2981?

CVE-2005-2981 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error pa...

How severe is CVE-2005-2981?

CVE-2005-2981 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2005-2981?

Check the references section above for vendor advisories and patch information. Affected products include: Orionserver Orion Application Server.