Lucene search
HistoryOct 15, 2008 - 8:00 p.m.
CVE-2008-4571
cve-2008-4571
cross-site scripting
xss
plone
livesearch module
nvd
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.7 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.4%
Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror Javascript even in an IMG tag.
Affected configurations
Node
ploneploneRange≤3.0.3
ORploneploneMatch2.0.5
ORploneploneMatch2.1.2
ORploneploneMatch2.5
ORploneploneMatch2.5.1
ORploneploneMatch2.5.1_rc
ORploneploneMatch2.5.4
ORploneploneMatch2.5_beta1
ORploneploneMatch3.0
ORploneploneMatch3.0.1
ORploneploneMatch3.0.2
Related
ubuntucve
ubuntucve
CVE-2008-4571
2008-10-15 00:00:00
osv
osv
Plone Cross-site Scripting vulnerability in the LiveSearch module
2022-05-02 00:11:22
nvd
nvd
CVE-2008-4571
2008-10-15 20:00:03
github
github
Plone Cross-site Scripting vulnerability in the LiveSearch module
2022-05-02 00:11:22
prion
prion
Cross site scripting
2008-10-15 20:00:00
cvelist
cvelist
CVE-2008-4571
2008-10-15 18:12:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.7 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.4%
Related for CVE-2008-4571