CVE-2005-1901

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) the username in the Add User window or (2) the license key in the Licensing page.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/20881

http://www.sawmill.net/version_history7.html

http://www.osvdb.org/17103

http://www.osvdb.org/17102

http://www.networksecurity.fi/advisories/sawmill-admin.html

http://securitytracker.com/id?1014106

http://secunia.com/advisories/15499

Details

Source: Mitre, NVD

Published: 2005-06-09

Updated: 2024-11-20

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N