Lucene search

[email protected]CVE-2008-0848

HistoryFeb 21, 2008 - 12:44 a.m.

CVE-2008-0848

2008-02-2100:44:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-0848

cross-site scripting

xss

crafty syntax live help

cslh

security vulnerability

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

67.7%

JSON

Cross-site scripting (XSS) vulnerability in lostsheep.php in Crafty Syntax Live Help (CSLH) before 2.14.16, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the versions claimed by the original researcher are probably incorrect.

Affected configurations

NVD

Node

crafty_syntax_live_helpcrafty_syntax_live_helpRange≤2.4.15

CPENameOperatorVersion
crafty_syntax_live_help:crafty_syntax_live_helpcrafty syntax live helple2.4.15

CPE	Name	Operator	Version
crafty_syntax_live_help:crafty_syntax_live_help	crafty syntax live help	le	2.4.15

References

secunia.com/advisories/29201

securityreason.com/securityalert/3688

sourceforge.net/project/shownotes.php?release_id=580994

www.securityfocus.com/archive/1/488286/100/0/threaded

www.securityfocus.com/archive/1/489016/100/0/threaded

www.securityfocus.com/bid/27859

exchange.xforce.ibmcloud.com/vulnerabilities/40636

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

67.7%

JSON

Related for CVE-2008-0848

cvelist2 prion2 nvd2 cve1