CVE-2005-3959 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 rev37 allow remote attackers to inject arbitrary web script or HTML via the (1) site, (2) jsref, (3) jsres, and (4) jscolor parameters to pixel.php, which are not sanitized before being included in the logdb.html file, and (5) the search key to stat.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Freewebstat	Freewebstat

Configuration 1 [-]

cpe:2.3:a:freewebstat:freewebstat:1.0_rev37:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/17783
http://securitytracker.com/id?1015301
http://www.freewebstat.com/changelog-english.html
http://www.osvdb.org/21207
http://www.securityfocus.com/archive/1/417902/100/0/threaded
http://www.securityfocus.com/bid/15601
http://www.ush.it/2005/11/25/free-web-stat/
http://www.vupen.com/english/advisories/2005/2646
https://exchange.xforce.ibmcloud.com/vulnerabilities/23387
https://exchange.xforce.ibmcloud.com/vulnerabilities/23391

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-12-01T11:00:00

Updated: 2024-08-07T23:31:49.084Z

Reserved: 2005-12-01T00:00:00

Link: CVE-2005-3959

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-12-01T06:03:00.000

Modified: 2018-10-19T15:39:37.907

Link: CVE-2005-3959

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-11-28T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 rev37 allow remote attackers to inject arbitrary web script or HTML via the (1) site, (2) jsref, (3) jsres, and (4) jscolor parameters to pixel.php, which are not sanitized before being included in the logdb.html file, and (5) the search key to stat.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "freewebstat-stat-search-xss(23391)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23391"}, {"name": "17783", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17783"}, {"name": "20051128 Free Web Stat Multiple XSS Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/417902/100/0/threaded"}, {"name": "1015301", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015301"}, {"name": "ADV-2005-2646", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2005/2646"}, {"name": "15601", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15601"}, {"tags": ["x_refsource_MISC"], "url": "http://www.freewebstat.com/changelog-english.html"}, {"name": "21207", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/21207"}, {"tags": ["x_refsource_MISC"], "url": "http://www.ush.it/2005/11/25/free-web-stat/"}, {"name": "freewebstat-logdb-xss(23387)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23387"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3959", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 rev37 allow remote attackers to inject arbitrary web script or HTML via the (1) site, (2) jsref, (3) jsres, and (4) jscolor parameters to pixel.php, which are not sanitized before being included in the logdb.html file, and (5) the search key to stat.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "freewebstat-stat-search-xss(23391)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23391"}, {"name": "17783", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17783"}, {"name": "20051128 Free Web Stat Multiple XSS Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/417902/100/0/threaded"}, {"name": "1015301", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015301"}, {"name": "ADV-2005-2646", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2646"}, {"name": "15601", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15601"}, {"name": "http://www.freewebstat.com/changelog-english.html", "refsource": "MISC", "url": "http://www.freewebstat.com/changelog-english.html"}, {"name": "21207", "refsource": "OSVDB", "url": "http://www.osvdb.org/21207"}, {"name": "http://www.ush.it/2005/11/25/free-web-stat/", "refsource": "MISC", "url": "http://www.ush.it/2005/11/25/free-web-stat/"}, {"name": "freewebstat-logdb-xss(23387)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23387"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T23:31:49.084Z"}, "title": "CVE Program Container", "references": [{"name": "freewebstat-stat-search-xss(23391)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23391"}, {"name": "17783", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17783"}, {"name": "20051128 Free Web Stat Multiple XSS Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/417902/100/0/threaded"}, {"name": "1015301", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015301"}, {"name": "ADV-2005-2646", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2005/2646"}, {"name": "15601", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/15601"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.freewebstat.com/changelog-english.html"}, {"name": "21207", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/21207"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.ush.it/2005/11/25/free-web-stat/"}, {"name": "freewebstat-logdb-xss(23387)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23387"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3959", "datePublished": "2005-12-01T11:00:00", "dateReserved": "2005-12-01T00:00:00", "dateUpdated": "2024-08-07T23:31:49.084Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freewebstat:freewebstat:1.0_rev37:*:*:*:*:*:*:*", "matchCriteriaId": "33E66E98-6A87-481E-ACEA-917AEEA2D26E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 rev37 allow remote attackers to inject arbitrary web script or HTML via the (1) site, (2) jsref, (3) jsres, and (4) jscolor parameters to pixel.php, which are not sanitized before being included in the logdb.html file, and (5) the search key to stat.php."}], "id": "CVE-2005-3959", "lastModified": "2018-10-19T15:39:37.907", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-12-01T06:03:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17783"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015301"}, {"source": "cve@mitre.org", "url": "http://www.freewebstat.com/changelog-english.html"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/21207"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/417902/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/15601"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.ush.it/2005/11/25/free-web-stat/"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2646"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23387"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23391"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}