Lucene search

[email protected]CVE-2008-0914

HistoryFeb 22, 2008 - 11:44 p.m.

CVE-2008-0914

2008-02-2223:44:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-0914

cross-site scripting

xss

ipdiva

ssl vpn server

remote attackers

arbitrary web script

html

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Mediation server in IPdiva SSL VPN Server 2.2 before 2.2.8.84 and 2.3 before 2.3.2.14 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD

Node

ipdivaipdivaMatch2.2

ipdivaipdivaMatch2.3

CPENameOperatorVersion
ipdiva:ipdivaipdivaeq2.2
ipdiva:ipdivaipdivaeq2.3

CPE	Name	Operator	Version
ipdiva:ipdiva	ipdiva	eq	2.2
ipdiva:ipdiva	ipdiva	eq	2.3

References

lists.grok.org.uk/pipermail/full-disclosure/2008-February/060315.html

secunia.com/advisories/28963

securityreason.com/securityalert/3690

www.securityfocus.com/archive/1/488143/100/100/threaded

www.securityfocus.com/archive/1/488204/100/0/threaded

www.securityfocus.com/bid/27800

exchange.xforce.ibmcloud.com/vulnerabilities/40545

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.6%

JSON

Related for CVE-2008-0914

nvd1 prion1 cvelist1