Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1901

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-1901
Last Modified 05 Sep 2008 04:50:23
Published 09 Jun 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-1901

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) the username in the Add User window or (2) the license key in the Licensing page.

Vulnerable Systems

Application

  • Sawmill 7.1

  • Sawmill 7.1.1

  • Sawmill 7.1.1b

  • Sawmill 7.1.2

  • Sawmill 7.1.3

  • Sawmill 7.1.4

  • Sawmill 7.1.5


References

SECUNIA - 15499

XF - sawmill-add-user-xss(20881)

CONFIRM - http://www.sawmill.net/version_history7.html

OSVDB - 17103

OSVDB - 17102

MISC - http://www.networksecurity.fi/advisories/sawmill-admin.html

SECTRACK - 1014106


Last Updated: 27 May 2016 10:40:20