Lucene search

[email protected]CVE-2008-1716

HistoryApr 09, 2008 - 9:05 p.m.

CVE-2008-1716

2008-04-0921:05:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-1716

cross-site scripting

xss

woltlab community framework

wcf

woltlab burning board

web security

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

67.6%

JSON

Cross-site scripting (XSS) vulnerability in WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the (1) page and (2) form parameters, which are not properly handled when they are reflected back in an error message.

CPENameOperatorVersion
woltlab:burning_boardwoltlab burning boardeq3.0.5

CPE	Name	Operator	Version
woltlab:burning_board	woltlab burning board	eq	3.0.5

References

archives.neohapsis.com/archives/fulldisclosure/2008-04/0161.html

lists.grok.org.uk/pipermail/full-disclosure/2008-April/061271.html

secunia.com/advisories/29719

www.securityfocus.com/archive/1/490560/100/0/threaded

www.securityfocus.com/archive/1/490782/100/0/threaded

www.securityfocus.com/bid/28678

exchange.xforce.ibmcloud.com/vulnerabilities/41714

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

67.6%

JSON

Related for CVE-2008-1716

cvelist1 prion1