Lucene search

[email protected]CVE-2008-4168

HistorySep 22, 2008 - 6:34 p.m.

CVE-2008-4168

2008-09-2218:34:16

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-4168

cross-site scripting

xss

web script injection

html injection

pro2col stingray fts

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.5%

JSON

Cross-site scripting (XSS) vulnerability in verify_login.jsp in Pro2col Stingray FTS allows remote attackers to inject arbitrary web script or HTML via the form_username parameter (aka user name field).

Affected configurations

NVD

Node

pro2colstingray_fts

CPENameOperatorVersion
pro2col:stingray_ftspro2col stingray ftseq*

CPE	Name	Operator	Version
pro2col:stingray_fts	pro2col stingray fts	eq	*

References

securityreason.com/securityalert/4285

www.scip.ch/cgi-bin/smss/showadvf.pl?id=3809

www.securityfocus.com/archive/1/496302/100/0/threaded

www.securityfocus.com/bid/31148

exchange.xforce.ibmcloud.com/vulnerabilities/45107

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.5%

JSON

Related for CVE-2008-4168

nvd1 prion1 cvelist1