Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2008-0583
HistoryFeb 05, 2008 - 3:00 a.m.

CVE-2008-0583

2008-02-0503:00:00
CWE-94
mitre
web.nvd.nist.gov
27
cve-2008-0583
skype
cross-zone scripting
vulnerability
internet explorer
web control
metacafe
user-assisted remote attackers
arbitrary web script
html
windows
metacafe pro
skype video gallery
security
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

High

EPSS

0.397

Percentile

97.3%

JSON

Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) “Add video to chat” or (2) “Add video to mood” dialog, a different vector than CVE-2008-0454.

Affected configurations

Nvd
Node
skype_technologiesskypeMatch3.5
OR
skype_technologiesskypeMatch3.6
OR
skype_technologiesskypeMatch3.6.216
OR
skype_technologiesskypeMatch3.6.244
VendorProductVersionCPE
skype_technologiesskype3.5cpe:2.3:a:skype_technologies:skype:3.5:*:*:*:*:*:*:*
skype_technologiesskype3.6cpe:2.3:a:skype_technologies:skype:3.6:*:*:*:*:*:*:*
skype_technologiesskype3.6.216cpe:2.3:a:skype_technologies:skype:3.6.216:*:*:*:*:*:*:*
skype_technologiesskype3.6.244cpe:2.3:a:skype_technologies:skype:3.6.244:*:*:*:*:*:*:*

Related

cvelist 2
nvd 2
prion 2
nessus 1
cert 1
cve 1
cvelist
cvelist
CVE-2008-0583
2008-02-05 02:00:00
CVE-2008-0454
2008-01-25 00:00:00
nvd
nvd
CVE-2008-0583
2008-02-05 03:00:00
CVE-2008-0454
2008-01-25 01:00:00
prion
prion
Cross site scripting
2008-02-05 03:00:00
Cross site scripting
2008-01-25 01:00:00
nessus
nessus
Skype Web Content Zone Multiple Field Remote Code Execution (uncredentialed check)
2008-02-07 00:00:00
cert
cert
SkypeFind fails to properly sanitize user-supplied input
2008-02-13 00:00:00
cve
cve
CVE-2008-0454
2008-01-25 01:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

High

EPSS

0.397

Percentile

97.3%

JSON
Related for CVE-2008-0583
cvelist2nvd2prion2nessus1cert1cve1