Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-0452

13 documents6 sources
Severity
4.3MEDIUM
EPSS
26.6%
top 3.66%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Asp.net
Timeline
PublishedFeb 16
Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDmicrosoft/asp.net1.0, 1.1+1

🔴Vulnerability Details

2
GHSA
GHSA-x884-m2m8-f8p2: Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP2022-05-01
CVEList
CVE-2005-0452: Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP2005-02-16

💥Exploits & PoCs

1
Exploit-DB
Microsoft ASP.NET 1.0/1.1 - Unicode Character Conversion Multiple Cross-Site Scripting Vulnerabilities2005-02-16

📋Vendor Advisories

4
Red Hat
perl: File:: Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-12008-11-19
Red Hat
perl: File:: Path rmtree race condition (CVE-2004-0452) reintroduced after upstream rebase to 5.8.8-12008-11-19
Red Hat
perl: insecure use of chmod in rmtree2008-06-20
Red Hat
security flaw2005-03-09

💬Community

3
Bugzilla
CVE-2008-5302 perl: File::Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-12008-11-28
Bugzilla
CVE-2008-2827 perl: insecure use of chmod in rmtree2008-06-24
Bugzilla
CVE-2005-0448 perl File::Path.pm rmtree race condition2005-06-20
CVE-2005-0452 (MEDIUM CVSS 4.3) | Multiple cross-site scripting (XSS) | cvebase.io