Lucene search

[email protected]CVE-2008-3678

HistoryAug 14, 2008 - 7:41 p.m.

CVE-2008-3678

2008-08-1419:41:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-3678

cross-site scripting

xss

admin/search_links.php

freeway

security vulnerability

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.0%

JSON

Cross-site scripting (XSS) vulnerability in admin/search_links.php in Freeway before 1.4.2.197 allows remote attackers to inject arbitrary web script or HTML via the URL.

CPENameOperatorVersion
damian_hickey:freewaydamian hickey freewayeq1.1.1.80
damian_hickey:freewaydamian hickey freewayeq1.3.2.154
damian_hickey:freewaydamian hickey freewayeq1.3
damian_hickey:freewaydamian hickey freewayeq1.4.1.170
damian_hickey:freewaydamian hickey freewayeq1.0.60
damian_hickey:freewaydamian hickey freewayeq1.4.1.171
damian_hickey:freewaydamian hickey freewayeq1.1.0.76
damian_hickey:freewaydamian hickey freewayeq1.2.0.113
damian_hickey:freewaydamian hickey freewayeq1.3.1.147

CPE	Name	Operator	Version
damian_hickey:freeway	damian hickey freeway	eq	1.1.1.80
damian_hickey:freeway	damian hickey freeway	eq	1.3.2.154
damian_hickey:freeway	damian hickey freeway	eq	1.3
damian_hickey:freeway	damian hickey freeway	eq	1.4.1.170
damian_hickey:freeway	damian hickey freeway	eq	1.0.60
damian_hickey:freeway	damian hickey freeway	eq	1.4.1.171
damian_hickey:freeway	damian hickey freeway	eq	1.1.0.76
damian_hickey:freeway	damian hickey freeway	eq	1.2.0.113
damian_hickey:freeway	damian hickey freeway	eq	1.3.1.147

References

secunia.com/advisories/31475

sourceforge.net/project/shownotes.php?release_id=619467

www.securityfocus.com/bid/30676

exchange.xforce.ibmcloud.com/vulnerabilities/44427

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.0%

JSON

Related for CVE-2008-3678

prion1 cvelist1