Lucene search

[email protected]CVE-2008-5290

HistoryDec 01, 2008 - 3:30 p.m.

CVE-2008-5290

2008-12-0115:30:03

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-5290

cross-site scripting

xss

vulnerability

php

werner hilversum

clean cms 1.5

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.4%

JSON

Cross-site scripting (XSS) vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

Affected configurations

NVD

Node

scripts4youclean_cmsMatch1.5

CPENameOperatorVersion
scripts4you:clean_cmsscripts4you clean cmseq1.5

CPE	Name	Operator	Version
scripts4you:clean_cms	scripts4you clean cms	eq	1.5

References

secunia.com/advisories/32866

securityreason.com/securityalert/4666

www.securityfocus.com/bid/32474

www.exploit-db.com/exploits/7228

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.4%

JSON

Related for CVE-2008-5290

cvelist1 nvd1 prion1