Cross-Site Scripting Flaws in MySQL Eventum by MySQL
CVE-2005-2467

Currently unrated

Key Information:

Vendor: Mysql
Status: Eventum
Vendor: CVE Published:; 31 December 2005

What is CVE-2005-2467?

MySQL Eventum versions up to 1.5.5 are susceptible to multiple cross-site scripting (XSS) vulnerabilities. These weaknesses allow attackers to inject arbitrary web scripts or HTML into the application. Specifically, the vulnerabilities can be triggered via the 'id' parameter in view.php, the 'release' parameter in list.php, and the 'F' parameter in get_jsrs_data.php. Successful exploitation may lead to unauthorized actions carried out on behalf of users, reinforcing the necessity for patching and securing vulnerable environments.

References

http://www.vupen.com/english/advisories/2005/1287

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/16304

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/14436

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 31, 2005
Vulnerability Reserved
Aug 5, 2005

JSON

Mysql

What is CVE-2005-2467?

References

Timeline