Description
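Cross-site scripting (XSS) vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to inject arbitrary web script or HTML via the apa_album_ID parameter. The record below maps the issue to CWE-79 and lists only version 1.1.0_pre4 as affected. Its CVSS v2 base score is 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N): the flaw is reachable over the network without authentication, requires user interaction, and is rated as a partial integrity impact with no confidentiality or availability impact. The listed references are third-party trackers (BID, X-Force, Exploit-DB), and none is tagged as a vendor advisory or patch, so remediation status has to be confirmed separately.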
Affected Software
{"id": "CVE-2008-4336", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2008-4336", "description": "Cross-site scripting (XSS) vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to inject arbitrary web script or HTML via the apa_album_ID parameter.", "published": "2008-09-30T17:22:00", "modified": "2017-09-29T01:32:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 4.3}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4336", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/31409", "https://exchange.xforce.ibmcloud.com/vulnerabilities/45432", "https://www.exploit-db.com/exploits/6572"], "cvelist": ["CVE-2008-4336"], "immutableFields": [], "lastseen": "2023-02-09T14:09:45", "viewCount": 10, "enchantments": {"dependencies": {"references": []}, "score": {"value": 4.3, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "epss": [{"cve": "CVE-2008-4336", "epss": "0.001990000", "percentile": "0.560160000", "modified": "2023-03-13"}], "vulnersScore": 4.3}, "_state": {"dependencies": 1675953805, "score": 1675954691, "affected_software_major_version": 1675966406, "epss": 1678757769}, "_internal": {"score_hash": "3912afbc1b09cc3038127eea0271cc69"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:constantin_charissis:atomic_photo_album:1.1.0_pre4"], "cpe23": ["cpe:2.3:a:constantin_charissis:atomic_photo_album:1.1.0_pre4:*:*:*:*:*:*:*"], "cwe": ["CWE-79"], 
"affectedSoftware": [{"cpeName": "constantin_charissis:atomic_photo_album", "version": "1.1.0_pre4", "operator": "eq", "name": "constantin charissis atomic photo album"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:constantin_charissis:atomic_photo_album:1.1.0_pre4:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "http://www.securityfocus.com/bid/31409", "name": "31409", "refsource": "BID", "tags": ["Exploit"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45432", "name": "atomicphotoalbum-album-xss(45432)", "refsource": "XF", "tags": []}, {"url": "https://www.exploit-db.com/exploits/6572", "name": "6572", "refsource": "EXPLOIT-DB", "tags": []}], "product_info": [{"vendor": "Constantin_charissis", "product": "Atomic_photo_album"}]}
{}