Lucene search

[email protected]CVE-2008-1386

HistoryApr 23, 2008 - 1:05 p.m.

CVE-2008-1386

2008-04-2313:05:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-1386

xss

serendipity

s9y

installer

web script

html

remote attackers

nvd

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

71.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote attackers to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field. NOTE: the timing window for exploitation of this issue might be limited.

CPENameOperatorVersion
s9y:serendipitys9y serendipityeq1.3

CPE	Name	Operator	Version
s9y:serendipity	s9y serendipity	eq	1.3

References

archives.neohapsis.com/archives/fulldisclosure/2008-04/0590.html

blog.s9y.org/archives/193-Serendipity-1.3.1-released.html

int21.de/cve/CVE-2008-1386-s9y.html

www.securityfocus.com/archive/1/491176/100/0/threaded

www.securityfocus.com/bid/28885

www.securitytracker.com/id?1019915

www.vupen.com/english/advisories/2008/1348/references

exchange.xforce.ibmcloud.com/vulnerabilities/41967

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

71.2%

JSON

Related for CVE-2008-1386

prion1 ubuntucve1 cvelist1 nessus1 securityvulns2 openvas2 packetstorm1 freebsd1