Lucene search

[email protected]CVE-2008-6351

HistoryMar 02, 2009 - 4:30 p.m.

CVE-2008-6351

2009-03-0216:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-6351

xss

web script injection

html injection

nvd

turnkeyforms

classifieds

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.4%

JSON

Cross-site scripting (XSS) vulnerability in listtest.php in TurnkeyForms Local Classifieds allows remote attackers to inject arbitrary web script or HTML via the r parameter.

Affected configurations

NVD

Node

turnkeyformslocal_classifiedsMatch-

CPENameOperatorVersion
turnkeyforms:local_classifiedsturnkeyforms local classifiedseq-

CPE	Name	Operator	Version
turnkeyforms:local_classifieds	turnkeyforms local classifieds	eq	-

References

secunia.com/advisories/32591

www.securityfocus.com/bid/32176

exchange.xforce.ibmcloud.com/vulnerabilities/46419

www.exploit-db.com/exploits/7035

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.4%

JSON

Related for CVE-2008-6351

cvelist1 prion1 nvd1