Lucene search

[email protected]CVE-2008-0496

HistoryJan 30, 2008 - 10:00 p.m.

CVE-2008-0496

2008-01-3022:00:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-0496

cross-site scripting

xss

ampjuke 0.7.0

vulnerability

web script

html

search action

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.0%

JSON

Cross-site scripting (XSS) vulnerability in index.php in AmpJuke 0.7.0 allows remote attackers to inject arbitrary web script or HTML via the limit parameter in a search action.

Affected configurations

NVD

Node

ampjukeampjukeMatch0.7.0

CPENameOperatorVersion
ampjuke:ampjukeampjukeeq0.7.0

CPE	Name	Operator	Version
ampjuke:ampjuke	ampjuke	eq	0.7.0

References

secunia.com/advisories/28661

securityreason.com/securityalert/3594

www.securityfocus.com/archive/1/487258/100/0/threaded

www.securityfocus.com/bid/27498

www.vupen.com/english/advisories/2008/0332

exchange.xforce.ibmcloud.com/vulnerabilities/40023

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.0%

JSON

Related for CVE-2008-0496

nvd1 prion1 cvelist1