{"api_version":"1","generated_at":"2026-07-10T18:20:51+00:00","cve":"CVE-2005-4305","urls":{"html":"https://cve.report/CVE-2005-4305","api":"https://cve.report/api/cve/CVE-2005-4305.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2005-4305","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2005-4305"},"summary":{"title":"CVE-2005-4305","description":"Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page.","state":"PUBLISHED","assigner":"mitre","published_at":"2005-12-17 00:03:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/23775","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/23775","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://projects.edgewall.com/trac/wiki/ChangeLog","name":"http://projects.edgewall.com/trac/wiki/ChangeLog","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"ChangeLog - The Trac Project - Trac","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://securitytracker.com/id?1015363","name":"http://securitytracker.com/id?1015363","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Edgewall Trac Input Validation Bug Permits Cross-Site Scripting Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/16386","name":"http://www.securityfocus.com/bid/16386","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Edgewall Software Trac Cross-Site Scripting Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/18048","name":"http://secunia.com/advisories/18048","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Secunia - Advisories - Trac URL Path Cross-Site Scripting Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.gentoo.org/security/en/glsa/glsa-200601-12.xml","name":"http://www.gentoo.org/security/en/glsa/glsa-200601-12.xml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Gentoo Linux Documentation\n--\n  Trac: Cross-site scripting vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/18625","name":"http://secunia.com/advisories/18625","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Secunia - Advisories - Gentoo update for trac","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2005/2936","name":"http://www.vupen.com/english/advisories/2005/2936","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2005-4305","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2005-4305","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2005","cve_id":"4305","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"edgewall_software","cpe5":"trac","cpe6":"0.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2005","cve_id":"4305","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"edgewall_software","cpe5":"trac","cpe6":"0.9.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2005","cve_id":"4305","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"edgewall_software","cpe5":"trac","cpe6":"0.9.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T23:38:51.647Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"GLSA-200601-12","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"http://www.gentoo.org/security/en/glsa/glsa-200601-12.xml"},{"name":"1015363","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1015363"},{"name":"ADV-2005-2936","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2005/2936"},{"name":"16386","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/16386"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://projects.edgewall.com/trac/wiki/ChangeLog"},{"name":"trac-url-path-xss(23775)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/23775"},{"name":"18048","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/18048"},{"name":"18625","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/18625"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2005-12-16T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-19T15:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"GLSA-200601-12","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"http://www.gentoo.org/security/en/glsa/glsa-200601-12.xml"},{"name":"1015363","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1015363"},{"name":"ADV-2005-2936","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2005/2936"},{"name":"16386","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/16386"},{"tags":["x_refsource_CONFIRM"],"url":"http://projects.edgewall.com/trac/wiki/ChangeLog"},{"name":"trac-url-path-xss(23775)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/23775"},{"name":"18048","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/18048"},{"name":"18625","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/18625"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2005-4305","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"GLSA-200601-12","refsource":"GENTOO","url":"http://www.gentoo.org/security/en/glsa/glsa-200601-12.xml"},{"name":"1015363","refsource":"SECTRACK","url":"http://securitytracker.com/id?1015363"},{"name":"ADV-2005-2936","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2005/2936"},{"name":"16386","refsource":"BID","url":"http://www.securityfocus.com/bid/16386"},{"name":"http://projects.edgewall.com/trac/wiki/ChangeLog","refsource":"CONFIRM","url":"http://projects.edgewall.com/trac/wiki/ChangeLog"},{"name":"trac-url-path-xss(23775)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/23775"},{"name":"18048","refsource":"SECUNIA","url":"http://secunia.com/advisories/18048"},{"name":"18625","refsource":"SECUNIA","url":"http://secunia.com/advisories/18625"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2005-4305","datePublished":"2005-12-17T00:00:00.000Z","dateReserved":"2005-12-16T00:00:00.000Z","dateUpdated":"2024-08-07T23:38:51.647Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2005-12-17 00:03:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:edgewall_software:trac:0.9:*:*:*:*:*:*:*","matchCriteriaId":"ACF7E7DA-385E-4C8E-90BF-308213EA0550"},{"vulnerable":true,"criteria":"cpe:2.3:a:edgewall_software:trac:0.9.1:*:*:*:*:*:*:*","matchCriteriaId":"C62BB91A-3627-4149-9935-86BB5FF5EE62"},{"vulnerable":true,"criteria":"cpe:2.3:a:edgewall_software:trac:0.9.2:*:*:*:*:*:*:*","matchCriteriaId":"9AF72084-56B5-4E1B-B701-887984789068"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2005","CveId":"4305","Ordinal":"1","Title":"CVE-2005-4305","CVE":"CVE-2005-4305","Year":"2005"},"notes":[{"CveYear":"2005","CveId":"4305","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page.","Type":"Description","Title":"CVE-2005-4305"},{"CveYear":"2005","CveId":"4305","Ordinal":"2","NoteData":"2005-12-16","Type":"Other","Title":"Published"},{"CveYear":"2005","CveId":"4305","Ordinal":"3","NoteData":"2017-07-19","Type":"Other","Title":"Modified"}]}}}