Lucene search

[email protected]CVE-2008-0574

HistoryFeb 05, 2008 - 2:00 a.m.

CVE-2008-0574

2008-02-0502:00:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-0574

cross-site scripting

xss

webspell 4.01.02

nvd

security vulnerability

index.php

sort parameter

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

71.4%

JSON

Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.01.02 allows remote attackers to inject arbitrary web script or HTML via the sort parameter in a whoisonline action.

Affected configurations

NVD

Node

webspellwebspellMatch4.01.02

CPENameOperatorVersion
webspell:webspellwebspelleq4.01.02

CPE	Name	Operator	Version
webspell:webspell	webspell	eq	4.01.02

References

secunia.com/advisories/28684

securityreason.com/securityalert/3606

www.securityfocus.com/archive/1/487312/100/0/threaded

www.securityfocus.com/bid/27517

exchange.xforce.ibmcloud.com/vulnerabilities/40084

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

71.4%

JSON

Related for CVE-2008-0574

prion1 cvelist1 nvd1