Detections
Analytics

CVE-2005-4305

medium

Description

Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/23775

http://www.vupen.com/english/advisories/2005/2936

http://www.securityfocus.com/bid/16386

http://www.gentoo.org/security/en/glsa/glsa-200601-12.xml

http://securitytracker.com/id?1015363

http://secunia.com/advisories/18625

http://secunia.com/advisories/18048

http://projects.edgewall.com/trac/wiki/ChangeLog

Details

Source: Mitre, NVD

Published: 2005-12-17

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00558