Lucene search

[email protected]CVE-2008-1048

HistoryFeb 27, 2008 - 7:44 p.m.

CVE-2008-1048

2008-02-2719:44:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-1048

xss

vulnerability

plume cms

web script

html

nvd

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.5%

JSON

Cross-site scripting (XSS) vulnerability in manager/xmedia.php in Plume CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.

CPENameOperatorVersion
plume-cms:plume_cmsplume-cms plume cmseq1.2.2

CPE	Name	Operator	Version
plume-cms:plume_cms	plume-cms plume cms	eq	1.2.2

References

secunia.com/advisories/29116

www.digitrustgroup.com/advisories/web-application-security-plume-cms.html

www.securityfocus.com/bid/27999

www.securitytracker.com/id?1019507

exchange.xforce.ibmcloud.com/vulnerabilities/40841

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.5%

JSON

Related for CVE-2008-1048

cvelist1 prion1