{"api_version":"1","generated_at":"2026-07-10T18:19:36+00:00","cve":"CVE-2005-4644","urls":{"html":"https://cve.report/CVE-2005-4644","api":"https://cve.report/api/cve/CVE-2005-4644.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2005-4644","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2005-4644"},"summary":{"title":"CVE-2005-4644","description":"Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.","state":"PUBLISHED","assigner":"mitre","published_at":"2005-12-31 05:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://trac.edgewall.org/ticket/2473","name":"http://trac.edgewall.org/ticket/2473","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"#2473 (XSS scripting attack possible from html wikiprocessor) - The Trac Project - Trac","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/18465","name":"http://secunia.com/advisories/18465","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Secunia - Advisories - Trac HTML WikiProcessor Script Insertion Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/18555","name":"http://secunia.com/advisories/18555","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian update for trac - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/16198","name":"http://www.securityfocus.com/bid/16198","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Edgewall Software Trac HTML WikiProcessor Wiki Content HTML Injection Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://projects.edgewall.com/trac/ticket/2473","name":"http://projects.edgewall.com/trac/ticket/2473","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"],"title":"#2473 (XSS scripting attack possible from html wikiprocessor) - The Trac Project - Trac","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/0226","name":"http://www.vupen.com/english/advisories/2006/0226","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24183","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24183","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2006/dsa-951","name":"http://www.debian.org/security/2006/dsa-951","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian -- Security Information -- DSA-951-2 trac","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2005-4644","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2005-4644","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2005","cve_id":"4644","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"edgewall_software","cpe5":"trac","cpe6":"0.9.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T23:53:28.548Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"18555","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/18555"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://trac.edgewall.org/ticket/2473"},{"name":"trac-html-xss(24183)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24183"},{"name":"18465","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/18465"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://projects.edgewall.com/trac/ticket/2473"},{"name":"ADV-2006-0226","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2006/0226"},{"name":"16198","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/16198"},{"name":"DSA-951","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2006/dsa-951"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2005-12-11T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-19T15:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"18555","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/18555"},{"tags":["x_refsource_CONFIRM"],"url":"http://trac.edgewall.org/ticket/2473"},{"name":"trac-html-xss(24183)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24183"},{"name":"18465","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/18465"},{"tags":["x_refsource_CONFIRM"],"url":"http://projects.edgewall.com/trac/ticket/2473"},{"name":"ADV-2006-0226","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2006/0226"},{"name":"16198","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/16198"},{"name":"DSA-951","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2006/dsa-951"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2005-4644","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"18555","refsource":"SECUNIA","url":"http://secunia.com/advisories/18555"},{"name":"http://trac.edgewall.org/ticket/2473","refsource":"CONFIRM","url":"http://trac.edgewall.org/ticket/2473"},{"name":"trac-html-xss(24183)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24183"},{"name":"18465","refsource":"SECUNIA","url":"http://secunia.com/advisories/18465"},{"name":"http://projects.edgewall.com/trac/ticket/2473","refsource":"CONFIRM","url":"http://projects.edgewall.com/trac/ticket/2473"},{"name":"ADV-2006-0226","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/0226"},{"name":"16198","refsource":"BID","url":"http://www.securityfocus.com/bid/16198"},{"name":"DSA-951","refsource":"DEBIAN","url":"http://www.debian.org/security/2006/dsa-951"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2005-4644","datePublished":"2006-01-11T21:00:00.000Z","dateReserved":"2006-01-11T00:00:00.000Z","dateUpdated":"2024-08-07T23:53:28.548Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2005-12-31 05:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:edgewall_software:trac:0.9.2:*:*:*:*:*:*:*","matchCriteriaId":"9AF72084-56B5-4E1B-B701-887984789068"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2005","CveId":"4644","Ordinal":"1","Title":"CVE-2005-4644","CVE":"CVE-2005-4644","Year":"2005"},"notes":[{"CveYear":"2005","CveId":"4644","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.","Type":"Description","Title":"CVE-2005-4644"},{"CveYear":"2005","CveId":"4644","Ordinal":"2","NoteData":"2006-01-11","Type":"Other","Title":"Published"},{"CveYear":"2005","CveId":"4644","Ordinal":"3","NoteData":"2017-07-19","Type":"Other","Title":"Modified"}]}}}