Lucene search

[email protected]CVE-2008-3560

HistoryAug 08, 2008 - 7:41 p.m.

CVE-2008-3560

2008-08-0819:41:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-3560

cross-site scripting

xss

vulnerability

kshop

xoops

web script

html

remote attackers

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.1%

JSON

Cross-site scripting (XSS) vulnerability in kshop_search.php in the Kshop module 2.22 for Xoops allows remote attackers to inject arbitrary web script or HTML via the search parameter.

Affected configurations

NVD

Node

xoopskshop_moduleMatch2.22

CPENameOperatorVersion
xoops:kshop_modulexoops kshop moduleeq2.22

CPE	Name	Operator	Version
xoops:kshop_module	xoops kshop module	eq	2.22

References

downloads.securityfocus.com/vulnerabilities/exploits/30576.html

lostmon.blogspot.com/2008/08/kshop-module-search-variable-and-field.html

secunia.com/advisories/31402

www.securityfocus.com/bid/30576

exchange.xforce.ibmcloud.com/vulnerabilities/44261

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.1%

JSON

Related for CVE-2008-3560

cvelist1 nvd1 prion1