Lucene search

[email protected]CVE-2008-6644

HistoryApr 07, 2009 - 2:17 p.m.

CVE-2008-6644

2009-04-0714:17:17

CWE-79

[email protected]

web.nvd.nist.gov

cve

2008

6644

cross-site scripting

xss

dotnetnuke

path_info

nvd

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

53.9%

JSON

Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke 4.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Affected configurations

NVD

Node

dotnetnukedotnetnukeRange≤4.8.3

dotnetnukedotnetnukeMatch1.0.6

dotnetnukedotnetnukeMatch1.0.7

dotnetnukedotnetnukeMatch1.0.8

dotnetnukedotnetnukeMatch1.0.9

dotnetnukedotnetnukeMatch1.0.10d

dotnetnukedotnetnukeMatch1.0.10e

dotnetnukedotnetnukeMatch2.1.1

dotnetnukedotnetnukeMatch2.1.2

dotnetnukedotnetnukeMatch3.0.7

dotnetnukedotnetnukeMatch3.0.8

dotnetnukedotnetnukeMatch3.0.11

dotnetnukedotnetnukeMatch3.1.0

dotnetnukedotnetnukeMatch3.3.5

dotnetnukedotnetnukeMatch4.0

dotnetnukedotnetnukeMatch4.3.5

dotnetnukedotnetnukeMatch4.5.2

dotnetnukedotnetnukeMatch4.8.1

dotnetnukedotnetnukeMatch4.8.2

CPENameOperatorVersion
dotnetnuke:dotnetnukedotnetnukele4.8.3
dotnetnuke:dotnetnukedotnetnukeeq1.0.6
dotnetnuke:dotnetnukedotnetnukeeq1.0.7
dotnetnuke:dotnetnukedotnetnukeeq1.0.8
dotnetnuke:dotnetnukedotnetnukeeq1.0.9
dotnetnuke:dotnetnukedotnetnukeeq1.0.10d
dotnetnuke:dotnetnukedotnetnukeeq1.0.10e
dotnetnuke:dotnetnukedotnetnukeeq2.1.1
dotnetnuke:dotnetnukedotnetnukeeq2.1.2
dotnetnuke:dotnetnukedotnetnukeeq3.0.7

CPE	Name	Operator	Version
dotnetnuke:dotnetnuke	dotnetnuke	le	4.8.3
dotnetnuke:dotnetnuke	dotnetnuke	eq	1.0.6
dotnetnuke:dotnetnuke	dotnetnuke	eq	1.0.7
dotnetnuke:dotnetnuke	dotnetnuke	eq	1.0.8
dotnetnuke:dotnetnuke	dotnetnuke	eq	1.0.9
dotnetnuke:dotnetnuke	dotnetnuke	eq	1.0.10d
dotnetnuke:dotnetnuke	dotnetnuke	eq	1.0.10e
dotnetnuke:dotnetnuke	dotnetnuke	eq	2.1.1
dotnetnuke:dotnetnuke	dotnetnuke	eq	2.1.2
dotnetnuke:dotnetnuke	dotnetnuke	eq	3.0.7

Rows per page:

1-10 of 191

References

secunia.com/advisories/30617

www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno19/tabid/1166/Default.aspx

www.securityfocus.com/archive/1/492793/100/0/threaded

www.securityfocus.com/bid/29437

exchange.xforce.ibmcloud.com/vulnerabilities/42752

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

53.9%

JSON

Related for CVE-2008-6644

prion1 nvd1 cvelist1