CVE-2005-4075

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in CF_Nuke 4.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) newsid parameter in the news sector, and (3) cat parameter in the links sector.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/23540

http://www.vupen.com/english/advisories/2005/2795

http://www.securityfocus.com/bid/15778

http://www.osvdb.org/21507

http://secunia.com/advisories/17939

http://pridels0.blogspot.com/2005/12/cfnuke-v46-multiple-vuln.html

Details

Source: Mitre, NVD

Published: 2005-12-08

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00685