Lucene search

[email protected]CVE-2008-1037

HistoryFeb 27, 2008 - 7:44 p.m.

CVE-2008-1037

2008-02-2719:44:00

CWE-79

[email protected]

web.nvd.nist.gov

cve

2008

1037

cross-site scripting

xss

vulnerability

packeteer

packetshaper

policycenter

web management

interface

injection

html

nvd

6.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.3%

JSON

Cross-site scripting (XSS) vulnerability in the file listing function in the web management interface in Packeteer PacketShaper and PolicyCenter 8.2.2 allows remote attackers to inject arbitrary web script or HTML via the FILELIST parameter to an arbitrary component, which triggers injection into an Error Report page.

CPENameOperatorVersion
packeteer:packetshaperpacketeer packetshapereq8.2.2
packeteer:policycenterpacketeer policycentereq8.2.2

CPE	Name	Operator	Version
packeteer:packetshaper	packeteer packetshaper	eq	8.2.2
packeteer:policycenter	packeteer policycenter	eq	8.2.2

References

secunia.com/advisories/29119

securityreason.com/securityalert/3701

www.securityfocus.com/archive/1/488712/100/0/threaded

www.securityfocus.com/bid/27982

www.securitytracker.com/id?1019501

6.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.3%

JSON

Related for CVE-2008-1037

prion1 cvelist1