CVE-2005-4398
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
20/12/2005
Last modified:
03/04/2025
Description
NOTE: the vendor has disputed this issue. Cross-site scripting (XSS) vulnerability in lemoon 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the q parameter. NOTE: the vendor has disputed this issue, saying "Sites are built on top of ASP.NET and you use lemoon core objects to easily manage and render content. The XSS vuln. you are referring to exists in one of our public sites built on lemoon i.e. a custom made site (as all sites are). The problem exists in a UserControl that handles form input and is in no way related to the lemoon core product.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mindroute_software:lemoon:*:*:*:*:*:*:*:* | 2.0 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://pridels0.blogspot.com/2005/12/lemoon-xss-vuln.html
- http://secunia.com/advisories/18119
- http://www.osvdb.org/21820
- http://www.securityfocus.com/bid/15949
- http://pridels0.blogspot.com/2005/12/lemoon-xss-vuln.html
- http://secunia.com/advisories/18119
- http://www.osvdb.org/21820
- http://www.securityfocus.com/bid/15949