Lucene search

[email protected]CVE-2008-0751

HistoryFeb 13, 2008 - 8:00 p.m.

CVE-2008-0751

2008-02-1320:00:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-0751

cross-site scripting

xss

freetag

s9y serendipity

internet explorer

remote attackers

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.0%

JSON

Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 plugin for S9Y Serendipity, when using Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to plugin/tag/.

Affected configurations

NVD

Node

s9yserendipity_event_freetagRange<2.96

AND

microsoftinternet_explorerMatch6

microsoftinternet_explorerMatch7

CPENameOperatorVersion
s9y:serendipity_event_freetags9y serendipity event freetaglt2.96

CPE	Name	Operator	Version
s9y:serendipity_event_freetag	s9y serendipity event freetag	lt	2.96

References

blog.s9y.org/archives/190-Freetag-plugin-updated-to-prevent-XSS.html

lists.grok.org.uk/pipermail/full-disclosure/2008-February/060122.html

secunia.com/advisories/28852

www.bitsploit.de/uploads/Code/200802080000/

www.securityfocus.com/bid/27697

exchange.xforce.ibmcloud.com/vulnerabilities/40376

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.0%

JSON

Related for CVE-2008-0751

cvelist1 nvd1 prion1