Vulnerabilities > CVE-2005-2950 - Cross-Site Scripting vulnerability in Sawmill
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through 7.1.13 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP GET request.
Vulnerable Configurations
Nessus
| NASL family | CGI abuses : XSS |
| NASL id | SAWMILL_7_1_14.NASL |
| description | The version of Sawmill running on the remote web server is affected by a cross-site scripting vulnerability due to improper validation of user-supplied input appended to a GET request. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 19681 |
| published | 2005-09-12 |
| reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/19681 |
| title | Sawmill < 7.1.14 GET Request Query String XSS |