CVE-2005-3967: XSS
First published: Sat Dec 03 2005(Updated: )
Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Confluence | =2.0.1_build_321 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2005-3967?
CVE-2005-3967 is classified as a high severity vulnerability due to its potential to allow remote attackers to execute arbitrary scripts.
How do I fix CVE-2005-3967?
To fix CVE-2005-3967, you should upgrade Atlassian Confluence to a version that is not affected by this vulnerability.
What type of attack is associated with CVE-2005-3967?
CVE-2005-3967 is associated with cross-site scripting (XSS) attacks, which can be used to inject malicious code into web pages.
Which version of Atlassian Confluence is affected by CVE-2005-3967?
Atlassian Confluence version 2.0.1 Build 321 is specifically affected by CVE-2005-3967.
Can CVE-2005-3967 be exploited without authentication?
Yes, CVE-2005-3967 can be exploited by unauthenticated remote attackers, making it particularly dangerous.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/references
- agent/author
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- vendor/atlassian
- canonical/atlassian confluence
- version/atlassian confluence/2.0.1_build_321