Lucene search

MitreCVE-2008-2997

HistoryJul 03, 2008 - 6:41 p.m.

CVE-2008-2997

2008-07-0318:41:00

CWE-79

mitre

web.nvd.nist.gov

cve-2008-2997

cross-site scripting

xss

gravity board x

gbx 2.0 beta

remote code injection

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

60.3%

JSON

Cross-site scripting (XSS) vulnerability in index.php in Gravity Board X (GBX) 2.0 Beta allows remote attackers to inject arbitrary web script or HTML via the subject parameter in a postnewsubmit (aka create new thread) action.

Affected configurations

Nvd

Node

gravityboardxgravity_board_xMatch2.0beta

VendorProductVersionCPE
gravityboardxgravity_board_x2.0cpe:2.3:a:gravityboardx:gravity_board_x:2.0:beta:*:*:*:*:*:*

Vendor	Product	Version	CPE
gravityboardx	gravity_board_x	2.0	cpe:2.3:a:gravityboardx:gravity_board_x:2.0:beta::::::

References

securityreason.com/securityalert/3970

www.securityfocus.com/bid/29685

exchange.xforce.ibmcloud.com/vulnerabilities/43021

www.exploit-db.com/exploits/5791

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

60.3%

JSON

Related for CVE-2008-2997