Lucene search

[email protected]CVE-2008-5228

HistoryNov 25, 2008 - 11:30 p.m.

CVE-2008-5228

2008-11-2523:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-5228

cross-site scripting

xss

ibm

workplace content management

wcm

security vulnerability

web script

html

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.5%

JSON

Cross-site scripting (XSS) vulnerability in IBM Workplace Content Management (WCM) 6.0G and 6.1 before CF8, when a Page Navigation Component shows menu entries, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in the URI, related to parameters “not being encoded.”

Affected configurations

NVD

Node

ibmworkplace_content_managementMatch6.0

ibmworkplace_content_managementMatch6.1

CPENameOperatorVersion
ibm:workplace_content_managementibm workplace content managementeq6.0
ibm:workplace_content_managementibm workplace content managementeq6.1

CPE	Name	Operator	Version
ibm:workplace_content_management	ibm workplace content management	eq	6.0
ibm:workplace_content_management	ibm workplace content management	eq	6.1

References

secunia.com/advisories/32763

www-01.ibm.com/support/docview.wss?uid=swg1PK73108

www-01.ibm.com/support/docview.wss?uid=swg1PK73933

www.securityfocus.com/bid/32408

www.vupen.com/english/advisories/2008/3234

exchange.xforce.ibmcloud.com/vulnerabilities/46749

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.5%

JSON

Related for CVE-2008-5228

prion1 cvelist1 nvd1