Lucene search

[email protected]CVE-2008-6240

HistoryFeb 23, 2009 - 3:30 p.m.

CVE-2008-6240

2009-02-2315:30:04

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-6240

cross-site scripting

xss

openedit digital asset management

dam

remote attackers

web script

html

catalogid parameter

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.5%

JSON

Cross-site scripting (XSS) vulnerability in data/views/index.html in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to inject arbitrary web script or HTML via the catalogid parameter.

Affected configurations

NVD

Node

openeditopenedit_digital_asset_managementRange≤5.0

CPENameOperatorVersion
openedit:openedit_digital_asset_managementopenedit openedit digital asset managementle5.0

CPE	Name	Operator	Version
openedit:openedit_digital_asset_management	openedit openedit digital asset management	le	5.0

References

holisticinfosec.org/content/view/95/45/

secunia.com/advisories/33296

www.osvdb.org/51028

www.securityfocus.com/bid/33063

exchange.xforce.ibmcloud.com/vulnerabilities/47692

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.5%

JSON

Related for CVE-2008-6240

prion1 nvd1 cvelist1