Lucene search

[email protected]CVE-2008-2200

HistoryMay 14, 2008 - 5:20 p.m.

CVE-2008-2200

2008-05-1417:20:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-2200

cross-site scripting

maian weblog 4.0

remote attackers

web script injection

html injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to admin/index.php in a blogs search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action.

Affected configurations

NVD

Node

maianscriptworldmaian_weblogMatch4.0

CPENameOperatorVersion
maianscriptworld:maian_weblogmaianscriptworld maian weblogeq4.0

CPE	Name	Operator	Version
maianscriptworld:maian_weblog	maianscriptworld maian weblog	eq	4.0

References

secunia.com/advisories/30060

securityreason.com/securityalert/3880

www.securityfocus.com/archive/1/491588/100/0/threaded

www.securityfocus.com/bid/29032

exchange.xforce.ibmcloud.com/vulnerabilities/42207

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.6%

JSON

Related for CVE-2008-2200

prion1 cvelist1 nvd1