{ "id": "CVE-2005-4627", "sourceIdentifier": "cve@mitre.org", "published": "2005-12-31T05:00:00.000", "lastModified": "2017-07-20T01:29:20.690", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite 1.0 through 1.0.4 and (2) GFHost 0.1.1 through 0.4.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 4.3 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:gfhost:gfhost:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B87DAFC-3245-49CC-99E0-07765DBEE850" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gfhost:gfhost:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F73233E-9E9E-4718-B1AB-BE0CE364315F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gfhost:gfhost:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3D19941F-1A35-4C3F-B286-D8F8646CD387" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gfhost:gfhost:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4BD310FC-A338-4C09-B518-21B1F6022E87" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gfhost:gfhost:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "965AB611-B682-41CA-B5A3-7BEE5B81F8B8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gfhost:gfhost:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "17066B83-AD11-46D2-940A-618F238E0D7E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gmailsite:gmailsite:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "74391689-2796-4F61-9E15-7B9D99DC72CC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gmailsite:gmailsite:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "53C25D0C-4B1E-451D-8AF4-8A760884BFA4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gmailsite:gmailsite:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "FA8881B0-3380-4BFC-B8E3-968A96AC2DF1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gmailsite:gmailsite:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0BDA2CA7-4D7B-4EAB-AA77-27EF791A9EB0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gmailsite:gmailsite:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "ABF85D13-5D5E-40FB-A161-81D39B21CA8D" } ] } ] } ], "references": [ { "url": "http://foros.ojobuscador.com/tema1936.html", "source": "cve@mitre.org", "tags": [ "Exploit" ] }, { "url": "http://lostmon.blogspot.com/2005/12/gmailsite-variable-cross-site.html", "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ] }, { "url": "http://www.securityfocus.com/bid/16081", "source": "cve@mitre.org", "tags": [ "Exploit" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23912", "source": "cve@mitre.org" } ] }