Lucene search

[email protected]CVE-2008-6097

HistoryFeb 09, 2009 - 5:30 p.m.

CVE-2008-6097

2009-02-0917:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-6097

xss

wikyblog

vulnerability

web script

html

nvd

security

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog before 1.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to index.php/Special/Main/keywordSearch, (2) revNum parameter to index.php/Edit/Main/Home, (3) to parameter to index.php/Special/Main/WhatLinksHere, (4) user parameter to index.php/Special/Main/UserEdits, and (5) the PATH_INFO to index.php.

Affected configurations

NVD

Node

wikyblogwikyblogRange≤1.7

wikyblogwikyblogMatch1.2.1

wikyblogwikyblogMatch1.2.2

wikyblogwikyblogMatch1.2.3

wikyblogwikyblogMatch1.3.2

wikyblogwikyblogMatch1.4

wikyblogwikyblogMatch1.4.1

wikyblogwikyblogMatch1.4.2

wikyblogwikyblogMatch1.4.3

wikyblogwikyblogMatch1.4.4

wikyblogwikyblogMatch1.4.5

wikyblogwikyblogMatch1.4.6

wikyblogwikyblogMatch1.4.7

wikyblogwikyblogMatch1.4.8

wikyblogwikyblogMatch1.4.9

wikyblogwikyblogMatch1.4.10

wikyblogwikyblogMatch1.4.11

wikyblogwikyblogMatch1.4.12

wikyblogwikyblogMatch1.4.13

wikyblogwikyblogMatch1.4.14

wikyblogwikyblogMatch1.4.15

wikyblogwikyblogMatch1.5

wikyblogwikyblogMatch1.5.0.2

wikyblogwikyblogMatch1.5.0.3

wikyblogwikyblogMatch1.5.1

wikyblogwikyblogMatch1.5.2

wikyblogwikyblogMatch1.5.3

wikyblogwikyblogMatch1.5.4

wikyblogwikyblogMatch1.5.5

wikyblogwikyblogMatch1.5.6

wikyblogwikyblogMatch1.5.7

wikyblogwikyblogMatch1.5.7.2

wikyblogwikyblogMatch1.5.7.3

wikyblogwikyblogMatch1.5.7.4

wikyblogwikyblogMatch1.6

wikyblogwikyblogMatch1.6.1

wikyblogwikyblogMatch1.6.1.1

wikyblogwikyblogMatch1.6.1.2

wikyblogwikyblogMatch1.6.1.3

wikyblogwikyblogMatch1.6.1.4

wikyblogwikyblogMatch1.6.1.5

wikyblogwikyblogMatch1.6.1.6

wikyblogwikyblogMatch1.6.1.7

wikyblogwikyblogMatch1.6b1

wikyblogwikyblogMatch1.6b2

wikyblogwikyblogMatch1.6b3

wikyblogwikyblogMatch1.7rc1

wikyblogwikyblogMatch1.7rc2

wikyblogwikyblogMatch1.7rc3

wikyblogwikyblogMatch1.7.0.1

wikyblogwikyblogMatch1.7.1rc1

wikyblogwikyblogMatch1.7.1rc2

wikyblogwikyblogMatch1.7.1.1

wikyblogwikyblogMatch1.7.1b1

wikyblogwikyblogMatch1.7.1b2

wikyblogwikyblogMatch1.7b1

wikyblogwikyblogMatch1.7b2

wikyblogwikyblogMatch1.7b3

CPENameOperatorVersion
wikyblog:wikyblogwikyblogle1.7
wikyblog:wikyblogwikyblogeq1.2.1
wikyblog:wikyblogwikyblogeq1.2.2
wikyblog:wikyblogwikyblogeq1.2.3
wikyblog:wikyblogwikyblogeq1.3.2
wikyblog:wikyblogwikyblogeq1.4
wikyblog:wikyblogwikyblogeq1.4.1
wikyblog:wikyblogwikyblogeq1.4.2
wikyblog:wikyblogwikyblogeq1.4.3
wikyblog:wikyblogwikyblogeq1.4.4

CPE	Name	Operator	Version
wikyblog:wikyblog	wikyblog	le	1.7
wikyblog:wikyblog	wikyblog	eq	1.2.1
wikyblog:wikyblog	wikyblog	eq	1.2.2
wikyblog:wikyblog	wikyblog	eq	1.2.3
wikyblog:wikyblog	wikyblog	eq	1.3.2
wikyblog:wikyblog	wikyblog	eq	1.4
wikyblog:wikyblog	wikyblog	eq	1.4.1
wikyblog:wikyblog	wikyblog	eq	1.4.2
wikyblog:wikyblog	wikyblog	eq	1.4.3
wikyblog:wikyblog	wikyblog	eq	1.4.4

Rows per page:

1-10 of 541

References

osvdb.org/48790

secunia.com/advisories/32087

sourceforge.net/project/shownotes.php?group_id=148518&release_id=647444

www.digitrustgroup.com/advisories/web-application-security-wikyblog.html

www.securityfocus.com/bid/31525

exchange.xforce.ibmcloud.com/vulnerabilities/45603

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.9%

JSON

Related for CVE-2008-6097

cvelist1 nvd1 prion1