PT-2005-5386 · Tms · Tmspublisher
Published
2005-12-31
·
Updated
2017-07-20
·
CVE-2005-4721
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
tmsPUBLISHER version 3.3
Description
The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the
q parameter in the "search.cfm" file.Recommendations
For tmsPUBLISHER version 3.3, consider restricting access to the "search.cfm" file until a patch is available, and avoid using the
q parameter in this file to minimize the risk of exploitation.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tmspublisher