Lucene search

[email protected]CVE-2008-6359

HistoryMar 02, 2009 - 4:30 p.m.

CVE-2008-6359

2009-03-0216:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-6359

xss

vulnerability

max's guestbook

index.php

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.8%

JSON

Cross-site scripting (XSS) vulnerability in index.php in Max’s Guestbook allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) message parameters.

Affected configurations

NVD

Node

phpf1max\'s_guestbookMatch-

CPENameOperatorVersion
phpf1:max\'s_guestbookphpf1 max's guestbookeq-

CPE	Name	Operator	Version
phpf1:max\'s_guestbook	phpf1 max's guestbook	eq	-

References

osvdb.org/50654

packetstormsecurity.org/files/110772/Maxs-Guestbook-1.0-Local-File-Inclusion-Path-Disclosure.html

secunia.com/advisories/33106

www.exploit-db.com/exploits/18595

www.securityfocus.com/archive/1/499099/100/0/threaded

www.securityfocus.com/bid/32763

www.securityfocus.com/bid/52471

exchange.xforce.ibmcloud.com/vulnerabilities/47250

exchange.xforce.ibmcloud.com/vulnerabilities/74011

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.8%

JSON

Related for CVE-2008-6359

cvelist1 prion1 nvd1