Lucene search

[email protected]CVE-2008-6476

HistoryMar 16, 2009 - 4:30 p.m.

CVE-2008-6476

2009-03-1616:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-6476

xss

blog

blogengine.net

vulnerability

web script

html

nvd

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

55.6%

JSON

Cross-site scripting (XSS) vulnerability in blog/search.aspx in BlogEngine.NET allows remote attackers to inject arbitrary web script or HTML via the q parameter.

CPENameOperatorVersion
dotnetblogengine:blogengine.netdotnetblogengine blogengine.neteq*

CPE	Name	Operator	Version
dotnetblogengine:blogengine.net	dotnetblogengine blogengine.net	eq	*

References

osvdb.org/44290

osvdb.org/ref/44/blogengine-search-xss.txt

www.securityfocus.com/bid/34227

exchange.xforce.ibmcloud.com/vulnerabilities/49307

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

55.6%

JSON

Related for CVE-2008-6476

cvelist1 prion1