Vulnerability Description
Cross-site scripting (XSS) vulnerability in extremesearch.php in Extreme Search Corporate Edition 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVSS Score
4.3
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Extreme Corporate | Extreme Search | <= corporate_6.0 |
References
- http://pridels0.blogspot.com/2005/12/extreme-search-corporate-edition-6x.html
- http://secunia.com/advisories/17816Vendor Advisory
- http://www.osvdb.org/21336
- http://www.securityfocus.com/bid/15675Exploit
- http://www.vupen.com/english/advisories/2005/2687
- http://pridels0.blogspot.com/2005/12/extreme-search-corporate-edition-6x.html
- http://secunia.com/advisories/17816Vendor Advisory
- http://www.osvdb.org/21336
- http://www.securityfocus.com/bid/15675Exploit
- http://www.vupen.com/english/advisories/2005/2687
FAQ
What is CVE-2005-3972?
CVE-2005-3972 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in extremesearch.php in Extreme Search Corporate Edition 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search paramete...
How severe is CVE-2005-3972?
CVE-2005-3972 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3972?
Check the references section above for vendor advisories and patch information. Affected products include: Extreme Corporate Extreme Search.