Lucene search

MitreCVE-2008-2011

HistoryApr 30, 2008 - 12:10 a.m.

CVE-2008-2011

2008-04-3000:10:00

CWE-79

mitre

web.nvd.nist.gov

cve

2008

2011

cross-site scripting

xss

national rail enquiries

remote attackers

arbitrary code

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

64.8%

JSON

Cross-site scripting (XSS) vulnerability in the National Rail Enquiries Live Departure Boards gadget before 1.1 allows remote National Rail Enquiries servers or man-in-the-middle attackers to inject arbitrary web script or HTML, and execute arbitrary code, via a response body, as demonstrated by a SCRIPT element that references a vbscript: URI.

Affected configurations

Nvd

Node

national_rail_enquiriesnational_rail_enquiries_live_departure_boardsRange≤1.1

VendorProductVersionCPE
national_rail_enquiriesnational_rail_enquiries_live_departure_boards*cpe:2.3:a:national_rail_enquiries:national_rail_enquiries_live_departure_boards:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
national_rail_enquiries	national_rail_enquiries_live_departure_boards	*	cpe:2.3:a:national_rail_enquiries:national_rail_enquiries_live_departure_boards::::::::

References

www.mwrinfosecurity.com/news/1690.html

www.mwrinfosecurity.com/publications/mwri_national-rail-enquiries-gadget-advisory_2008-04-24.pdf

www.securityfocus.com/bid/28933

exchange.xforce.ibmcloud.com/vulnerabilities/42043

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

64.8%

JSON

Related for CVE-2008-2011