Lucene search

[email protected]CVE-2008-2131

HistoryMay 09, 2008 - 6:20 p.m.

CVE-2008-2131

2008-05-0918:20:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-2131

cross-site scripting

xss

mvnforum

remote authentication

web script

html

security vulnerability

5.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

66.2%

JSON

Cross-site scripting (XSS) vulnerability in mvnForum 1.1 GA allows remote authenticated users to inject arbitrary web script or HTML via the topic field, which is later displayed by user/viewthread.jsp through use of the “quick reply button.”

Affected configurations

NVD

Node

myvietnammvnforumMatch1.1

CPENameOperatorVersion
myvietnam:mvnforummyvietnam mvnforumeq1.1

CPE	Name	Operator	Version
myvietnam:mvnforum	myvietnam mvnforum	eq	1.1

References

mvnforum.cvs.sourceforge.net/mvnforum/mvnforum/srcweb/mvnplugin/mvnforum/user/viewthread.jsp?r1=1.316&r2=1.317

secunia.com/advisories/30091

securityreason.com/securityalert/3862

users.own-hero.net/~decoder/advisories/mvnforum-jsxss.txt

www.securityfocus.com/archive/1/491713/100/0/threaded

www.securityfocus.com/bid/29075

exchange.xforce.ibmcloud.com/vulnerabilities/42241

5.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

66.2%

JSON

Related for CVE-2008-2131

prion1 nvd1 cvelist1