Lucene search

MitreCVE-2008-1225

HistoryMar 10, 2008 - 5:44 p.m.

CVE-2008-1225

2008-03-1017:44:00

CWE-79

mitre

web.nvd.nist.gov

cve-2008-1225

cross-site scripting

xss

webct campus edition

nvd

security vulnerability

remote code injection

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.004

Percentile

74.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in WebCT Campus Edition 4.1.5.8, when “Don’t wrap text” is enabled, allow remote authenticated users to inject arbitrary web script or HTML via a (1) mail message or (2) discussion board message. NOTE: this might overlap CVE-2005-1076.

Affected configurations

Nvd

Node

webctwebctMatch4.1.5.8campus_edition

VendorProductVersionCPE
webctwebct4.1.5.8cpe:2.3:a:webct:webct:4.1.5.8:*:campus_edition:*:*:*:*:*

Vendor	Product	Version	CPE
webct	webct	4.1.5.8	cpe:2.3:a:webct:webct:4.1.5.8::campus_edition:::::

References

marc.info/?l=full-disclosure&m=120471944119467&w=2

secunia.com/advisories/29227

www.balupton.com/blogs/dev?title=webct_session_stealer_exploit

www.balupton.com/documents/webct_exploits.txt

www.securityfocus.com/bid/28107

exchange.xforce.ibmcloud.com/vulnerabilities/41047

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.004

Percentile

74.1%

JSON

Related for CVE-2008-1225