Lucene search

K
cveMitreCVE-2008-4892
HistoryNov 04, 2008 - 12:58 a.m.

CVE-2008-4892

2008-11-0400:58:39
CWE-79
mitre
web.nvd.nist.gov
29
xss
vulnerability
planetluc mygallery
remote attackers
mghash parameter

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

65.5%

Cross-site scripting (XSS) vulnerability in gallery.inc.php in Planetluc MyGallery 1.7.2 and earlier, and possibly other versions before 1.8.1, allows remote attackers to inject arbitrary web script or HTML via the mghash parameter. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd
Node
planetlucmygalleryMatch1.7.2
VendorProductVersionCPE
planetlucmygallery1.7.2cpe:2.3:a:planetluc:mygallery:1.7.2:*:*:*:*:*:*:*

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

65.5%

Related for CVE-2008-4892