Lucene search

[email protected]CVE-2008-1850

HistoryApr 16, 2008 - 5:05 p.m.

CVE-2008-1850

2008-04-1617:05:00

CWE-79

[email protected]

web.nvd.nist.gov

cve

2008

1850

xss

vulnerabilities

omnistar

interactive

osi

affiliate

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

67.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in login.php in Omnistar Interactive OSI Affiliate allow remote attackers to inject arbitrary web script or HTML via the (1) login, (2) profile, (3) profile2, and (4) ref parameters.

Affected configurations

NVD

Node

osiaffiliateosiaffiliate

CPENameOperatorVersion
osiaffiliate:osiaffiliateosiaffiliateeq*

CPE	Name	Operator	Version
osiaffiliate:osiaffiliate	osiaffiliate	eq	*

References

secunia.com/advisories/29779

www.mrzayas.es/2008/04/11/xss-en-osiaffiliate/

www.osvdb.org/44376

www.securityfocus.com/bid/28785

www.securityfocus.com/bid/28793

exchange.xforce.ibmcloud.com/vulnerabilities/41811

exchange.xforce.ibmcloud.com/vulnerabilities/41825

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

67.9%

JSON

Related for CVE-2008-1850

cvelist1 prion1 nvd1