Lucene search

[email protected]CVE-2008-1793

HistoryApr 15, 2008 - 5:05 p.m.

CVE-2008-1793

2008-04-1517:05:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-1793

cross-site scripting

xss

smart classified ads pro

smart photo ads

smart photo ads gold

web security

vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in view.cgi in Smart Classified ADS Professional, Smart Photo ADS, and Smart Photo ADS Gold allow remote attackers to inject arbitrary web script or HTML via the (1) AdNum and (2) Department parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

NVD

Node

hofficesmart_classified_adsprofessional

hofficesmart_photo_ads

hofficesmart_photo_ads_gold

CPENameOperatorVersion
hoffice:smart_classified_adshoffice smart classified adseq*
hoffice:smart_photo_adshoffice smart photo adseq*
hoffice:smart_photo_ads_goldhoffice smart photo ads goldeq*

CPE	Name	Operator	Version
hoffice:smart_classified_ads	hoffice smart classified ads	eq	*
hoffice:smart_photo_ads	hoffice smart photo ads	eq	*
hoffice:smart_photo_ads_gold	hoffice smart photo ads gold	eq	*

References

secunia.com/advisories/29623

www.securityfocus.com/bid/28595

exchange.xforce.ibmcloud.com/vulnerabilities/41611

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.0%

JSON

Related for CVE-2008-1793

prion1 cvelist1 nvd1