Vulnerabilities > CVE-2005-4284 - Cross-Site Scripting vulnerability in StaticStore Search.CGI

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

static-store

NVD

Published: 2005-12-16

Updated: 2011-03-08

Summary

Cross-site scripting (XSS) vulnerability in StaticStore Search Engine 1.189A and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to search.cgi, possibly the keywords parameter. NOTE: this issue was originally disputed by the vendor, but it has since been acknowledged.

Vulnerable Configurations

Part	Description	Count
Application	Static_Store Static Store Staticstore *	1

References

http://pridels0.blogspot.com/2005/12/staticstore-search-engine-friendly-e.html
http://secunia.com/advisories/18037
http://www.osvdb.org/21714
http://www.osvdb.org/22032
http://www.securityfocus.com/bid/15895
http://www.vupen.com/english/advisories/2005/2915