Lucene search

[email protected]CVE-2008-5193

HistoryNov 21, 2008 - 5:30 p.m.

CVE-2008-5193

2008-11-2117:30:00

CWE-79

[email protected]

web.nvd.nist.gov

xss

cross-site scripting

cve-2008-5193

w1l3d4 philboard 1.14

w1l3d4 philboard 1.2

remote attackers

searchterms parameter

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.5%

JSON

Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: this might overlap CVE-2007-4024.

Affected configurations

NVD

Node

philboardphilboardMatch1.2

philboardphilboardMatch1.14

CPENameOperatorVersion
philboard:philboardphilboardeq1.2
philboard:philboardphilboardeq1.14

CPE	Name	Operator	Version
philboard:philboard	philboard	eq	1.2
philboard:philboard	philboard	eq	1.14

References

secunia.com/advisories/30874

securityreason.com/securityalert/4621

www.securityfocus.com/bid/29998

exchange.xforce.ibmcloud.com/vulnerabilities/43451

www.exploit-db.com/exploits/5958

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.5%

JSON

Related for CVE-2008-5193

cvelist2 prion2 nvd2 cve1