Lucene search

[email protected]CVE-2008-4727

HistoryOct 24, 2008 - 12:00 a.m.

CVE-2008-4727

2008-10-2400:00:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-4727

cross-site scripting

xss

vulnerability

sungard banner student 7.3

nvd

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

71.0%

JSON

Cross-site scripting (XSS) vulnerability in the contact update page (ss/bwgkoemr.P_UpdateEmrgContacts) in SunGard Banner Student 7.3 allows remote attackers to inject arbitrary web script or HTML via the addr1 parameter. NOTE: this might be resultant from a CSRF vulnerability, but there are insufficient details to be sure.

Affected configurations

NVD

Node

sungardbanner_studentMatch7.3

CPENameOperatorVersion
sungard:banner_studentsungard banner studenteq7.3

CPE	Name	Operator	Version
sungard:banner_student	sungard banner student	eq	7.3

References

downloads.securityfocus.com/vulnerabilities/exploits/27490.html

osvdb.org/41077

osvdb.org/41078

securityreason.com/securityalert/4494

www.securityfocus.com/archive/1/487250/100/200/threaded

www.securityfocus.com/bid/27490

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

71.0%

JSON

Related for CVE-2008-4727

cvelist1 nvd1 prion1