Lucene search

K
cve[email protected]CVE-2008-4349
HistorySep 30, 2008 - 6:15 p.m.

CVE-2008-4349

2008-09-3018:15:08
CWE-79
web.nvd.nist.gov
27
cve
2008
4349
xss
vulnerabilities
s0nic paranews 3.4

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.2%

Multiple cross-site scripting (XSS) vulnerabilities in news.php in s0nic Paranews 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) page parameter in a details action.

Affected configurations

NVD
Node
s0nicparanewsMatch3.4
CPENameOperatorVersion
s0nic:paranewss0nic paranewseq3.4

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.2%

Related for CVE-2008-4349