Lucene search

[email protected]CVE-2008-5338

HistoryDec 05, 2008 - 1:30 a.m.

CVE-2008-5338

2008-12-0501:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-5338

cross-site scripting

xss

bandwebsite

bandsite portal system

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.2%

JSON

Cross-site scripting (XSS) vulnerability in info.php in Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to inject arbitrary web script or HTML via the section parameter.

Affected configurations

NVD

Node

multimaniabandsite_portal_systemMatch1.5

multimaniabandwebsiteMatch1.5

CPENameOperatorVersion
multimania:bandsite_portal_systemmultimania bandsite portal systemeq1.5
multimania:bandwebsitemultimania bandwebsiteeq1.5

CPE	Name	Operator	Version
multimania:bandsite_portal_system	multimania bandsite portal system	eq	1.5
multimania:bandwebsite	multimania bandwebsite	eq	1.5

References

securityreason.com/securityalert/4689

www.securityfocus.com/bid/32454

z0rlu.blogspot.com/2008/11/bandwebsite-15-sqlxss-multiple-remote.html

exchange.xforce.ibmcloud.com/vulnerabilities/46817

www.exploit-db.com/exploits/7215

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.2%

JSON

Related for CVE-2008-5338

nvd1 cvelist1 prion1