Lucene search

[email protected]CVE-2008-4893

HistoryNov 04, 2008 - 12:58 a.m.

CVE-2008-4893

2008-11-0400:58:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-4893

cross-site scripting

xss vulnerability

tribiq cms

security vulnerability

web script injection

html injection

nvd

6.1 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

56.7%

JSON

Cross-site scripting (XSS) vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the template_path parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CPENameOperatorVersion
tribiq:tribiq_cmstribiq tribiq cmseq5.0.10a

CPE	Name	Operator	Version
tribiq:tribiq_cms	tribiq tribiq cms	eq	5.0.10a

References

secunia.com/advisories/32548

www.securityfocus.com/bid/32050

exchange.xforce.ibmcloud.com/vulnerabilities/46265

6.1 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

56.7%

JSON

Related for CVE-2008-4893

cvelist1 prion1