Lucene search

MitreCVE-2008-0618

HistoryFeb 06, 2008 - 12:00 p.m.

CVE-2008-0618

2008-02-0612:00:00

CWE-79

mitre

web.nvd.nist.gov

dmsguestbook

wordpress

xss

cve-2008-0618

security vulnerability

web script

html

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

46.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) gbname, (2) gbemail, (3) gburl, and (4) gbmsg parameters to unspecified programs. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

Nvd

Node

dmsguestbook_projectdmsguestbookMatch1.7.0wordpress

dmsguestbook_projectdmsguestbookMatch1.8.0wordpress

VendorProductVersionCPE
dmsguestbook_projectdmsguestbook1.7.0cpe:2.3:a:dmsguestbook_project:dmsguestbook:1.7.0:*:*:*:*:wordpress:*:*
dmsguestbook_projectdmsguestbook1.8.0cpe:2.3:a:dmsguestbook_project:dmsguestbook:1.8.0:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
dmsguestbook_project	dmsguestbook	1.7.0	cpe:2.3:a:dmsguestbook_project:dmsguestbook:1.7.0:::::wordpress::
dmsguestbook_project	dmsguestbook	1.8.0	cpe:2.3:a:dmsguestbook_project:dmsguestbook:1.8.0:::::wordpress::

References

secunia.com/advisories/28759

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

46.7%

JSON

Related for CVE-2008-0618