CVE-2005-3851 - Cross-site scripting (XSS) vulnerability in search.asp in Online Attendance System (OASYS) Lite 1.0

CVE-2005-3851

Summary

Cross-site scripting (XSS) vulnerability in search.asp in Online Attendance System (OASYS) Lite 1.0 allows remote attackers to inject arbitrary web script or HTML via certain search parameters, possibly the keyword parameter.

References

http://pridels0.blogspot.com/2005/11/oasys-lite-10-searchasp-xss-vuln.html
http://secunia.com/advisories/17712
http://www.osvdb.org/21095
http://www.securityfocus.com/bid/15605
http://www.vupen.com/english/advisories/2005/2583

Vulnerable Configurations

cpe:2.3:a:onlinetechtools.com:oasys_lite:1.0:*:*:*:*:*:*:*
cpe:2.3:a:onlinetechtools.com:oasys_lite:1.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 08-03-2011 - 02:27)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	15605
misc	http://pridels0.blogspot.com/2005/11/oasys-lite-10-searchasp-xss-vuln.html
osvdb	21095
secunia	17712
vupen	ADV-2005-2583

Last major update

08-03-2011 - 02:27

Published

27-11-2005 - 11:03

Last modified

08-03-2011 - 02:27