CVE-2005-3967

medium

Description

Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter.

References

http://www.vupen.com/english/advisories/2005/2691

http://www.securityfocus.com/bid/15688

http://www.osvdb.org/21377

http://secunia.com/advisories/17833

http://pridels0.blogspot.com/2005/12/confluence-enterprise-wiki-xss-vuln.html

Details

Source: Mitre, NVD

Published: 2005-12-03

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00401