Vulnerability Details : CVE-2005-4599
Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to inject arbitrary web script or HTML via the index parameter.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2005-4599
- cpe:2.3:a:moxiecode:tinymce_compressor_php:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-4599
0.46%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 76 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-4599
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
References for CVE-2005-4599
-
http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2244
Web App - Unavailable
-
http://www.hardened-php.net/advisory_262005.111.html
Hardened PHP - Hardened-PHPVendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/23906
-
http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2233
Web App - UnavailablePatch
-
http://www.securityfocus.com/archive/1/420543/100/0/threaded
-
http://securitytracker.com/id?1015424
GoDaddy Domain Name Search
-
http://www.securityfocus.com/bid/16083
Patch
Jump to