Lucene search

MitreCVE-2008-3730

HistoryAug 20, 2008 - 4:41 p.m.

CVE-2008-3730

2008-08-2016:41:00

CWE-79

mitre

web.nvd.nist.gov

cve-2008-3730

cross-site scripting

xss

noah

nordicwind document management system

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

65.5%

JSON

Cross-site scripting (XSS) vulnerability in Nordicwind Document Management System (NOAH) before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Nvd

Node

nordicwindnoahRange≤3.2.1

nordicwindnoahMatch1.5.0

nordicwindnoahMatch1.5.0b

nordicwindnoahMatch1.5.1

nordicwindnoahMatch1.5.2

nordicwindnoahMatch1.5.3

nordicwindnoahMatch1.5.4

nordicwindnoahMatch1.5.5

nordicwindnoahMatch2.0.1

nordicwindnoahMatch2.1.1

nordicwindnoahMatch2.1.3

nordicwindnoahMatch2.1.4

nordicwindnoahMatch2.1.5

nordicwindnoahMatch2.1.6

nordicwindnoahMatch2.2.1

nordicwindnoahMatch3.1.1

nordicwindnoahMatch3.1.3

nordicwindnordicwind_document_management_systemRange≤3.2.1

nordicwindnordicwind_document_management_systemMatch1.5.0

nordicwindnordicwind_document_management_systemMatch1.5.0b

nordicwindnordicwind_document_management_systemMatch1.5.1

nordicwindnordicwind_document_management_systemMatch1.5.2

nordicwindnordicwind_document_management_systemMatch1.5.3

nordicwindnordicwind_document_management_systemMatch1.5.4

nordicwindnordicwind_document_management_systemMatch1.5.5

nordicwindnordicwind_document_management_systemMatch2.0.1

nordicwindnordicwind_document_management_systemMatch2.1.1

nordicwindnordicwind_document_management_systemMatch2.1.3

nordicwindnordicwind_document_management_systemMatch2.1.4

nordicwindnordicwind_document_management_systemMatch2.1.5

nordicwindnordicwind_document_management_systemMatch2.1.6

nordicwindnordicwind_document_management_systemMatch2.2.1

nordicwindnordicwind_document_management_systemMatch3.1.1

nordicwindnordicwind_document_management_systemMatch3.1.3

VendorProductVersionCPE
nordicwindnoah*cpe:2.3:a:nordicwind:noah:*:*:*:*:*:*:*:*
nordicwindnoah1.5.0cpe:2.3:a:nordicwind:noah:1.5.0:*:*:*:*:*:*:*
nordicwindnoah1.5.0bcpe:2.3:a:nordicwind:noah:1.5.0b:*:*:*:*:*:*:*
nordicwindnoah1.5.1cpe:2.3:a:nordicwind:noah:1.5.1:*:*:*:*:*:*:*
nordicwindnoah1.5.2cpe:2.3:a:nordicwind:noah:1.5.2:*:*:*:*:*:*:*
nordicwindnoah1.5.3cpe:2.3:a:nordicwind:noah:1.5.3:*:*:*:*:*:*:*
nordicwindnoah1.5.4cpe:2.3:a:nordicwind:noah:1.5.4:*:*:*:*:*:*:*
nordicwindnoah1.5.5cpe:2.3:a:nordicwind:noah:1.5.5:*:*:*:*:*:*:*
nordicwindnoah2.0.1cpe:2.3:a:nordicwind:noah:2.0.1:*:*:*:*:*:*:*
nordicwindnoah2.1.1cpe:2.3:a:nordicwind:noah:2.1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nordicwind	noah	*	cpe:2.3:a:nordicwind:noah::::::::
nordicwind	noah	1.5.0	cpe:2.3:a:nordicwind:noah:1.5.0:::::::*
nordicwind	noah	1.5.0b	cpe:2.3:a:nordicwind:noah:1.5.0b:::::::*
nordicwind	noah	1.5.1	cpe:2.3:a:nordicwind:noah:1.5.1:::::::*
nordicwind	noah	1.5.2	cpe:2.3:a:nordicwind:noah:1.5.2:::::::*
nordicwind	noah	1.5.3	cpe:2.3:a:nordicwind:noah:1.5.3:::::::*
nordicwind	noah	1.5.4	cpe:2.3:a:nordicwind:noah:1.5.4:::::::*
nordicwind	noah	1.5.5	cpe:2.3:a:nordicwind:noah:1.5.5:::::::*
nordicwind	noah	2.0.1	cpe:2.3:a:nordicwind:noah:2.0.1:::::::*
nordicwind	noah	2.1.1	cpe:2.3:a:nordicwind:noah:2.1.1:::::::*

Rows per page:

1-10 of 341

References

osvdb.org/47558

secunia.com/advisories/31543

www.nordicwind.ca/noah/bugs/inputval.html

www.securityfocus.com/bid/30747

exchange.xforce.ibmcloud.com/vulnerabilities/44535

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

65.5%

JSON

Related for CVE-2008-3730