CVE-2005-4455 — MEDIUM (5.0)

Vulnerability Description

cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote attackers to inject scripting languages via the XSL namespace in XML, via vectors such as customview.cgi.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Livejournal	Livejournal	All versions

References

http://cvs.livejournal.org/browse.cgi/livejournal/cgi-bin/cleanhtml.pl
http://secunia.com/advisories/18157PatchVendor Advisory
http://cvs.livejournal.org/browse.cgi/livejournal/cgi-bin/cleanhtml.pl
http://secunia.com/advisories/18157PatchVendor Advisory

FAQ

What is CVE-2005-4455?

CVE-2005-4455 is a vulnerability with a CVSS score of 5.0 (MEDIUM). cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote attackers to inject scripting languages via the XSL namespace in XML, via vectors such as customview.cgi.

How severe is CVE-2005-4455?

CVE-2005-4455 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2005-4455?

Check the references section above for vendor advisories and patch information. Affected products include: Livejournal Livejournal.