Lucene search

[email protected]CVE-2008-5487

HistoryDec 12, 2008 - 4:30 p.m.

CVE-2008-5487

2008-12-1216:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-5487

cross-site scripting

xss vulnerability

turnkeyforms text link sales

admin.php

web security

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.6%

JSON

Cross-site scripting (XSS) vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to inject arbitrary web script or HTML via the id parameter.

Affected configurations

NVD

Node

turnkeyformstext_link_sales

CPENameOperatorVersion
turnkeyforms:text_link_salesturnkeyforms text link saleseq*

CPE	Name	Operator	Version
turnkeyforms:text_link_sales	turnkeyforms text link sales	eq	*

References

secunia.com/advisories/32732

securityreason.com/securityalert/4719

www.securityfocus.com/bid/32308

exchange.xforce.ibmcloud.com/vulnerabilities/46632

www.exploit-db.com/exploits/7124

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.6%

JSON

Related for CVE-2008-5487

cvelist1 prion1 nvd1