Lucene search

[email protected]CVE-2008-4648

HistoryOct 22, 2008 - 12:11 a.m.

CVE-2008-4648

2008-10-2200:11:50

CWE-79

[email protected]

web.nvd.nist.gov

elxis cms

xss

vulnerability

index.php

security

nvd

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

59.5%

JSON

Cross-site scripting (XSS) vulnerability in index.php in Elxis CMS 2008.1 revision 2204 allows remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO or the (2) option, (3) Itemid, (4) id, (5) task, (6) bid, and (7) contact_id parameters. NOTE: the error might be located in modules/mod_language.php, and index.php might be the interaction point.

Affected configurations

NVD

Node

elxiselxis_cmsMatch2008.1revision_2204

CPENameOperatorVersion
elxis:elxis_cmselxis elxis cmseq2008.1

CPE	Name	Operator	Version
elxis:elxis_cms	elxis elxis cms	eq	2008.1

References

packetstormsecurity.org/0810-exploits/elxis-xss.txt

secunia.com/advisories/32278

www.securityfocus.com/bid/31764

exchange.xforce.ibmcloud.com/vulnerabilities/45866

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

59.5%

JSON

Related for CVE-2008-4648

nvd1 prion1 cvelist1