Lucene search

[email protected]CVE-2008-6168

HistoryFeb 19, 2009 - 3:30 p.m.

CVE-2008-6168

2009-02-1915:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-6168

cross-site scripting

xss vulnerability

miniportail 2.2

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.8%

JSON

Cross-site scripting (XSS) vulnerability in search.php in miniPortail 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified argument, probably the search string.

Affected configurations

NVD

Node

miniportailminiportailMatch1.9

miniportailminiportailMatch2.0

miniportailminiportailMatch2.1

miniportailminiportailMatch2.2

CPENameOperatorVersion
miniportail:miniportailminiportaileq1.9
miniportail:miniportailminiportaileq2.0
miniportail:miniportailminiportaileq2.1
miniportail:miniportailminiportaileq2.2

CPE	Name	Operator	Version
miniportail:miniportail	miniportail	eq	1.9
miniportail:miniportail	miniportail	eq	2.0
miniportail:miniportail	miniportail	eq	2.1
miniportail:miniportail	miniportail	eq	2.2

References

www.securityfocus.com/bid/31895

exchange.xforce.ibmcloud.com/vulnerabilities/46080

www.exploit-db.com/exploits/6821

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.8%

JSON

Related for CVE-2008-6168

cvelist1 prion1 nvd1