Lucene search

[email protected]CVE-2008-5126

HistoryNov 18, 2008 - 2:30 a.m.

CVE-2008-5126

2008-11-1802:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-5126

cross-site scripting

xss

boutikone cms

search.php

security vulnerability

web script injection

html injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.3%

JSON

Cross-site scripting (XSS) vulnerability in search.php in BoutikOne CMS allows remote attackers to inject arbitrary web script or HTML via the search_query parameter.

Affected configurations

NVD

Node

boutikoneboutikone_cms

CPENameOperatorVersion
boutikone:boutikone_cmsboutikone boutikone cmseq*

CPE	Name	Operator	Version
boutikone:boutikone_cms	boutikone boutikone cms	eq	*

References

packetstorm.linuxsecurity.com/0811-exploits/boutikone-xss.txt

secunia.com/advisories/32757

www.securityfocus.com/bid/32321

exchange.xforce.ibmcloud.com/vulnerabilities/46621

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.3%

JSON

Related for CVE-2008-5126

prion1 nvd1 cvelist1