Lucene search

MitreCVE-2008-1916

HistoryApr 23, 2008 - 1:05 p.m.

CVE-2008-1916

2008-04-2313:05:00

CWE-79

mitre

web.nvd.nist.gov

cve-2008-1916

cross-site scripting

xss

ubercart

drupal

remote attackers

web script

html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

68.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-rc1 module for Drupal allow remote attackers to inject arbitrary web script or HTML via text fields intended for the (1) address and (2) order information, which are later displayed on the order view page and unspecified other administrative pages, a different vulnerability than CVE-2008-1428.

Affected configurations

Nvd

Node

drupalubercart_moduleMatch5-1.0rc1

VendorProductVersionCPE
drupalubercart_module5-1.0cpe:2.3:a:drupal:ubercart_module:5-1.0:rc1:*:*:*:*:*:*

Vendor	Product	Version	CPE
drupal	ubercart_module	5-1.0	cpe:2.3:a:drupal:ubercart_module:5-1.0:rc1::::::

References

drupal.org/node/241944

www.vupen.com/english/advisories/2008/1083/references

exchange.xforce.ibmcloud.com/vulnerabilities/41624

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

68.4%

JSON

Related for CVE-2008-1916