Lucene search

[email protected]CVE-2008-5211

HistoryNov 24, 2008 - 5:30 p.m.

CVE-2008-5211

2008-11-2417:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-5211

cross-site scripting

xss

sphider

search.php

vulnerability

web script

html

remote attackers

nvd

5.5 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.035 Low

EPSS

Percentile

91.5%

JSON

Cross-site scripting (XSS) vulnerability in search.php in Sphider 1.3.4, when the search suggestion feature is enabled, allows remote attackers to inject arbitrary web script or HTML via the query parameter, a different vector than CVE-2006-2506.

Affected configurations

NVD

Node

sphidersphiderMatch1.3.4

CPENameOperatorVersion
sphider:sphidersphidereq1.3.4

CPE	Name	Operator	Version
sphider:sphider	sphider	eq	1.3.4

References

secunia.com/advisories/30082

securityreason.com/securityalert/4629

users.own-hero.net/~decoder/advisories/sphider134-xss.txt

www.securityfocus.com/archive/1/491712/100/0/threaded

www.securityfocus.com/bid/29074

exchange.xforce.ibmcloud.com/vulnerabilities/42240

5.5 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.035 Low

EPSS

Percentile

91.5%

JSON

Related for CVE-2008-5211

prion2 nvd3 cvelist3 openvas2 cve2