Lucene search

[email protected]CVE-2008-2494

HistoryMay 28, 2008 - 3:32 p.m.

CVE-2008-2494

2008-05-2815:32:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-2494

xss

web script injection

html injection

index.php

zina 1.0 rc3

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.0%

JSON

Cross-site scripting (XSS) vulnerability in index.php in Zina 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via the l parameter.

Affected configurations

NVD

Node

pancakezinaMatch1.0_rc3

CPENameOperatorVersion
pancake:zinapancake zinaeq1.0_rc3

CPE	Name	Operator	Version
pancake:zina	pancake zina	eq	1.0_rc3

References

www.securityfocus.com/archive/1/492593/100/0/threaded

www.securityfocus.com/bid/29367

exchange.xforce.ibmcloud.com/vulnerabilities/42642

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.0%

JSON

Related for CVE-2008-2494

prion1 cvelist1 nvd1