Lucene search

[email protected]CVE-2008-2202

HistoryMay 14, 2008 - 5:20 p.m.

CVE-2008-2202

2008-05-1417:20:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-2202

cross-site scripting

xss

maian uploader 4.0

web script injection

html injection

remote attackers

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to upload/admin/index.php in a search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action.

Affected configurations

NVD

Node

maianscriptworldmaian_uploaderMatch4.0

CPENameOperatorVersion
maianscriptworld:maian_uploadermaianscriptworld maian uploadereq4.0

CPE	Name	Operator	Version
maianscriptworld:maian_uploader	maianscriptworld maian uploader	eq	4.0

References

secunia.com/advisories/30096

securityreason.com/securityalert/3882

www.securityfocus.com/archive/1/491599/100/0/threaded

www.securityfocus.com/bid/29051

exchange.xforce.ibmcloud.com/vulnerabilities/42203

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.6%

JSON

Related for CVE-2008-2202

nvd1 cvelist1 prion1