Lucene search

MitreCVE-2008-6435

HistoryMar 06, 2009 - 6:30 p.m.

CVE-2008-6435

2009-03-0618:30:00

CWE-79

mitre

web.nvd.nist.gov

cve-2008-6435

phpsqlitecms

xss

vulnerabilities

web script

html

remote attackers

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

56.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in phpSQLiteCMS 1 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[home], (2) lang[admin_menu], and (3) lang[admin_menu_page_overview] parameters to cms/includes/header.inc.php; and the (4) lang[login_username] and (5) lang[login_password] parameters to cms/includes/login.inc.php.

Affected configurations

Nvd

Node

phpsqlitecmsphpsqlitecmsMatch1rc2

VendorProductVersionCPE
phpsqlitecmsphpsqlitecms1cpe:2.3:a:phpsqlitecms:phpsqlitecms:1:*:rc2:*:*:*:*:*

Vendor	Product	Version	CPE
phpsqlitecms	phpsqlitecms	1	cpe:2.3:a:phpsqlitecms:phpsqlitecms:1::rc2:::::

References

www.securityfocus.com/archive/1/492446/100/0/threaded

www.securityfocus.com/bid/29338

exchange.xforce.ibmcloud.com/vulnerabilities/42585

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

56.0%

JSON

Related for CVE-2008-6435