Vulnerability Details : CVE-2005-2674
Note: the vendor has disputed this issue. Multiple cross-site scripting (XSS) vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to inject arbitrary web script or HTML via the (1) c or (2) m parameters to index.php or (3) w parameter to journal.php. NOTE: this issue has been disputed by the vendor, who says "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2005-2674
Probability of exploitation activity in the next 30 days: 0.33%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 67 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2005-2674
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
References for CVE-2005-2674
-
http://securitytracker.com/id?1014747
securitytracker.comExploit
-
http://www.neocrome.net
403 Forbidden
-
http://www.securityfocus.com/bid/14619
Exploit
-
http://marc.info/?l=bugtraq&m=112456235729717&w=2
'Bugs Land Down Under v800' - MARC
Products affected by CVE-2005-2674
- cpe:2.3:a:neocrome:land_down_under:800:*:*:*:*:*:*:*