CVE-2005-2950

Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through 7.1.13 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP GET request.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://marc.info/?l=bugtraq&m=112654659400488&w=2
http://secunia.com/advisories/16744/
http://securityreason.com/securityalert/1
http://www.nta-monitor.com/news/xss/sawmill/index.htm	Exploit Vendor Advisory
http://www.sawmill.net/version_history.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/22206
http://marc.info/?l=bugtraq&m=112654659400488&w=2
http://secunia.com/advisories/16744/
http://securityreason.com/securityalert/1
http://www.nta-monitor.com/news/xss/sawmill/index.htm	Exploit Vendor Advisory
http://www.sawmill.net/version_history.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/22206

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sawmill:sawmill:7.0.0:::::::*
	cpe:2.3:a:sawmill:sawmill:7.0.1:::::::*
	cpe:2.3:a:sawmill:sawmill:7.0.2:::::::*
	cpe:2.3:a:sawmill:sawmill:7.0.3:::::::*
	cpe:2.3:a:sawmill:sawmill:7.0.4:::::::*
	cpe:2.3:a:sawmill:sawmill:7.0.5:::::::*
	cpe:2.3:a:sawmill:sawmill:7.0.6:::::::*
	cpe:2.3:a:sawmill:sawmill:7.0.7:::::::*
	cpe:2.3:a:sawmill:sawmill:7.0.8:::::::*
	cpe:2.3:a:sawmill:sawmill:7.0.9:::::::*
	cpe:2.3:a:sawmill:sawmill:7.0.10:::::::*
	cpe:2.3:a:sawmill:sawmill:7.0.10a:::::::*
	cpe:2.3:a:sawmill:sawmill:7.0.10b:::::::*
	cpe:2.3:a:sawmill:sawmill:7.0.10c:::::::*
	cpe:2.3:a:sawmill:sawmill:7.0.10d:::::::*
	cpe:2.3:a:sawmill:sawmill:7.0.10e:::::::*
	cpe:2.3:a:sawmill:sawmill:7.0.10f:::::::*
	cpe:2.3:a:sawmill:sawmill:7.0.10g:::::::*
	cpe:2.3:a:sawmill:sawmill:7.0.10h:::::::*
	cpe:2.3:a:sawmill:sawmill:7.0.10i:::::::*
	cpe:2.3:a:sawmill:sawmill:7.0.10j:::::::*
	cpe:2.3:a:sawmill:sawmill:7.0.10k:::::::*
	cpe:2.3:a:sawmill:sawmill:7.1:::::::*
	cpe:2.3:a:sawmill:sawmill:7.1.1:::::::*
	cpe:2.3:a:sawmill:sawmill:7.1.2:::::::*
	cpe:2.3:a:sawmill:sawmill:7.1.3:::::::*
	cpe:2.3:a:sawmill:sawmill:7.1.4:::::::*
	cpe:2.3:a:sawmill:sawmill:7.1.5:::::::*
	cpe:2.3:a:sawmill:sawmill:7.1.6:::::::*
	cpe:2.3:a:sawmill:sawmill:7.1.7:::::::*
	cpe:2.3:a:sawmill:sawmill:7.1.8:::::::*
	cpe:2.3:a:sawmill:sawmill:7.1.9:::::::*
	cpe:2.3:a:sawmill:sawmill:7.1.10:::::::*
	cpe:2.3:a:sawmill:sawmill:7.1.11:::::::*
	cpe:2.3:a:sawmill:sawmill:7.1.12:::::::*
	cpe:2.3:a:sawmill:sawmill:7.1.13:::::::*
	cpe:2.3:a:sawmill:sawmill:7.1.14:::::::*

History

21 Nov 2024, 00:00

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=bugtraq&m=112654659400488&w=2 -~~	() http://marc.info/?l=bugtraq&m=112654659400488&w=2 -
References	~~() http://secunia.com/advisories/16744/ -~~	() http://secunia.com/advisories/16744/ -
References	~~() http://securityreason.com/securityalert/1 -~~	() http://securityreason.com/securityalert/1 -
References	~~() http://www.nta-monitor.com/news/xss/sawmill/index.htm - Exploit, Vendor Advisory~~	() http://www.nta-monitor.com/news/xss/sawmill/index.htm - Exploit, Vendor Advisory
References	~~() http://www.sawmill.net/version_history.html -~~	() http://www.sawmill.net/version_history.html -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/22206 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/22206 -

Information

Published : 2005-09-16 22:03

Updated : 2025-04-03 01:03

NVD link : CVE-2005-2950

Mitre link : CVE-2005-2950

CVE.ORG link : CVE-2005-2950

JSON object : View

Products Affected

sawmill

sawmill

CWE

NVD-CWE-Other

{"id": "CVE-2005-2950", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-09-16T22:03:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=112654659400488&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/16744/", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1", "source": "cve@mitre.org"}, {"url": "http://www.nta-monitor.com/news/xss/sawmill/index.htm", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.sawmill.net/version_history.html", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22206", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=112654659400488&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/16744/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.nta-monitor.com/news/xss/sawmill/index.htm", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.sawmill.net/version_history.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22206", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through 7.1.13 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP GET request."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sawmill:sawmill:7.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F60FCBD-D8B1-4E69-B8C3-32659106B636"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44518027-BCA4-45E5-8416-75FE36AD6D63"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21913F12-4790-487D-84F4-48EB09AB042A"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D6CC4EE-265E-47D2-B820-ACB4EF100953"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CDC8E37-ADF0-452D-A344-8A93ACB89D26"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A78385D9-4652-48ED-A5E7-F50340D70F0F"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27A6E5F4-73AF-4BDB-A2B4-2F24064F1D21"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FD29FBC-959E-4EBA-9C5A-7B6BCF53A2C7"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C91865B-6527-466D-A88D-17E1CC8A1B89"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAAFA876-B95A-40E5-9E42-8B37315BDE94"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E3D5C1E-80B7-413B-B49D-8DE6CC919770"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.0.10a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06D5321E-DE25-4FC4-81EC-E6C9EC7BA836"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.0.10b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B790CF30-97C7-46A2-A300-E4D417870DEB"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.0.10c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A328FB8-ECC3-47D8-82B4-89372DD9A324"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.0.10d:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FC7D8F1-454E-43A5-A886-3EA91E05F3DE"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.0.10e:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1916BD3D-51AF-4A25-8EAA-018C84B58B6C"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.0.10f:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B1DB0AB-5BC6-4C26-8223-E6F11FDC8293"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.0.10g:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BD07081-4460-4633-AE01-36BEE03193A9"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.0.10h:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE8B60B1-DA99-46BC-AA84-0D5D620D6160"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.0.10i:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB2979BD-01B9-4BF3-9C24-E529D11F435C"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.0.10j:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DF43285-C448-436D-9089-C6D97802DCDD"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.0.10k:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65814DFE-6E73-4C78-BAAA-B7FBA9FBF526"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A088B4E4-9A13-4F39-9708-40529410AB03"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F21B42F-56C2-422C-BFC8-701EDDCBE9E4"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51A84B18-C5EA-4038-8123-1C9C2511BBCE"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68176849-3128-4112-BCF0-577253552456"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE9E422E-7EB8-407D-9DC4-4CCB83FAC834"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7887413C-0F1B-4EBC-8E97-8ECC9EB8336D"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9F909B4-62F6-4FD4-A0FB-F0BE918A2553"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F95EF53-7961-42A8-9BC5-0C53D6E81925"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1737B143-D96E-4B6F-9623-E5F41EB70074"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CF662B3-B127-4EB4-AD53-E528E626356C"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "830F3AE5-B93F-48E4-B6EB-A5D2974274E4"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.1.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCF0A754-420A-483E-BCD4-A46FC034D587"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.1.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF319AD0-BEEB-4348-A0BE-EAB4DB1D7F22"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.1.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C200EAB1-5F45-408D-BF1B-BEDAD2B1C06B"}, {"criteria": "cpe:2.3:a:sawmill:sawmill:7.1.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA5873ED-6E24-414A-92E9-01CE03C83284"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

4.3 /10