Lucene search

[email protected]CVE-2008-0917

HistoryFeb 22, 2008 - 11:44 p.m.

CVE-2008-0917

2008-02-2223:44:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-0917

cross-site scripting

xss

tor world tor search

i-navigator

mobile frontier

diary.cgi

tor news

simple bbs

interactive bbs

tor board

simple vote

com vote

web security

remote attack

html injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.5%

JSON

Cross-site scripting (XSS) vulnerability in Tor World Tor Search 1.1 and earlier, I-Navigator 4.0, Mobile Frontier 2.1 and earlier, Diary.cgi (aka Quotes of the Day) 1.5 and earlier, Tor News 1.21 and earlier, Simple BBS 1.3 and earlier, Interactive BBS 1.3 and earlier, Tor Board 1.1 and earlier, Simple Vote 1.1 and earlier, and Com Vote 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD

Node

tor_worldcom_voteMatch1.2

tor_worldi-navigatorMatch4.0

tor_worldinteractive_bbsMatch1.3

tor_worldmobile_frontierMatch2.1

tor_worldquotes_of_the_dayMatch1.5

tor_worldsimple_bbsMatch1.3

tor_worldsimple_voteMatch1.1

tor_worldtor_boardMatch1.1

tor_worldtor_newsMatch1.21

tor_worldtor_searchMatch1.1

CPENameOperatorVersion
tor_world:com_votetor world com voteeq1.2
tor_world:i-navigatortor world i-navigatoreq4.0
tor_world:interactive_bbstor world interactive bbseq1.3
tor_world:mobile_frontiertor world mobile frontiereq2.1
tor_world:quotes_of_the_daytor world quotes of the dayeq1.5
tor_world:simple_bbstor world simple bbseq1.3
tor_world:simple_votetor world simple voteeq1.1
tor_world:tor_boardtor world tor boardeq1.1
tor_world:tor_newstor world tor newseq1.21
tor_world:tor_searchtor world tor searcheq1.1

CPE	Name	Operator	Version
tor_world:com_vote	tor world com vote	eq	1.2
tor_world:i-navigator	tor world i-navigator	eq	4.0
tor_world:interactive_bbs	tor world interactive bbs	eq	1.3
tor_world:mobile_frontier	tor world mobile frontier	eq	2.1
tor_world:quotes_of_the_day	tor world quotes of the day	eq	1.5
tor_world:simple_bbs	tor world simple bbs	eq	1.3
tor_world:simple_vote	tor world simple vote	eq	1.1
tor_world:tor_board	tor world tor board	eq	1.1
tor_world:tor_news	tor world tor news	eq	1.21
tor_world:tor_search	tor world tor search	eq	1.1

References

download.torworld.com/bug/20080221.html

jvn.jp/jp/JVN%2354593414/index.html

secunia.com/advisories/29039

www.securityfocus.com/bid/27919

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.5%

JSON

Related for CVE-2008-0917

nvd2 cvelist2 prion2 cve1