Vulnerabilities > CVE-2005-4492 - Cross-SIte Scripting vulnerability in Starphire Technologies SiteSage

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

starphire-technologies

NVD

Published: 2005-12-22

Updated: 2011-03-08

Summary

Cross-site scripting (XSS) vulnerability in Starphire SiteSage 5.0.18 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the norelay_highlight_words parameter.

Vulnerable Configurations

Part	Description	Count
Application	Starphire_Technologies Starphire Technologies Sitesage 5.0.18 Starphire Technologies Sitesage EE * Starphire Technologies Sitesage LE * Starphire Technologies Sitesage SB * Starphire Technologies Sitesage SE *	5

References

http://pridels0.blogspot.com/2005/12/sitesage-xss-vuln.html
http://secunia.com/advisories/18214
http://www.osvdb.org/21861
http://www.securityfocus.com/bid/16017
http://www.vupen.com/english/advisories/2005/3051