Vulnerability Description
Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Edgewall Software | Trac | 0.9 |
References
- http://projects.edgewall.com/trac/wiki/ChangeLog
- http://secunia.com/advisories/18048Vendor Advisory
- http://secunia.com/advisories/18625
- http://securitytracker.com/id?1015363
- http://www.gentoo.org/security/en/glsa/glsa-200601-12.xml
- http://www.securityfocus.com/bid/16386
- http://www.vupen.com/english/advisories/2005/2936
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23775
- http://projects.edgewall.com/trac/wiki/ChangeLog
- http://secunia.com/advisories/18048Vendor Advisory
- http://secunia.com/advisories/18625
- http://securitytracker.com/id?1015363
- http://www.gentoo.org/security/en/glsa/glsa-200601-12.xml
- http://www.securityfocus.com/bid/16386
- http://www.vupen.com/english/advisories/2005/2936
FAQ
What is CVE-2005-4305?
CVE-2005-4305 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is...
How severe is CVE-2005-4305?
CVE-2005-4305 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4305?
Check the references section above for vendor advisories and patch information. Affected products include: Edgewall Software Trac.