Lucene search

[email protected]CVE-2008-0400

HistoryJan 23, 2008 - 12:00 p.m.

CVE-2008-0400

2008-01-2312:00:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-0400

cross-site scripting

xss

vulnerability

singapore 0.10.1

nvd

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.6%

JSON

Cross-site scripting (XSS) vulnerability in header.tpl.php in the modern template for Singapore 0.10.1 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter to default.php.

Affected configurations

NVD

Node

modernmodernMatch1.3.2

singaporesingaporeMatch0.10.1

CPENameOperatorVersion
modern:modernmoderneq1.3.2
singapore:singaporesingaporeeq0.10.1

CPE	Name	Operator	Version
modern:modern	modern	eq	1.3.2
singapore:singapore	singapore	eq	0.10.1

References

secunia.com/advisories/28573

trew.icenetx.net/toolz/advisory-singapore-modern-template.txt

www.securityfocus.com/bid/27382

www.vupen.com/english/advisories/2008/0234

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.6%

JSON

Related for CVE-2008-0400

prion1 nvd1 cvelist1