CVE-2005-2186

Multiple cross-site scripting (XSS) vulnerabilities in McAfee IntruShield Security Management System allow remote authenticated users to inject arbitrary web script or HTML via the (1) thirdMenuName or (2) resourceName parameter to SystemEvent.jsp.

CVSS v2.0 1.9 LOW

1.9^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://marc.info/?l=bugtraq&m=112066594312876&w=2
http://marc.info/?l=bugtraq&m=112076813804503&w=2
http://secunia.com/advisories/15961
http://securitytracker.com/id?1014422

Configurations

Configuration 1 (hide)

cpe:2.3:h:mcafee:intrushield_security_management_system:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2005-07-11 04:00

Updated : 2023-12-10 10:28

NVD link : CVE-2005-2186

Mitre link : CVE-2005-2186

CVE.ORG link : CVE-2005-2186

JSON object : View

Products Affected

mcafee

intrushield_security_management_system

CWE

NVD-CWE-Other

1.9 /10