Lucene search

MitreCVE-2008-6927

HistoryAug 10, 2009 - 8:30 p.m.

CVE-2008-6927

2009-08-1020:30:00

CWE-79

mitre

web.nvd.nist.gov

cve-2008-6927

xss

vulnerabilities

autoinstall4imagesgalleryupgrade.php

fantastico de luxe module

cpanel

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.004

Percentile

72.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action.

Affected configurations

Nvd

Node

cpanelcpanel

VendorProductVersionCPE
cpanelcpanel*cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cpanel	cpanel	*	cpe:2.3:a:cpanel:cpanel::::::::

References

secunia.com/advisories/32423

www.netenberg.com/forum/index.php?topic=6832

www.osvdb.org/49518

www.securityfocus.com/archive/1/497964/100/0/threaded

www.securityfocus.com/archive/1/498519

www.securityfocus.com/archive/1/498526

exchange.xforce.ibmcloud.com/vulnerabilities/46253

www.exploit-db.com/exploits/6897

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.004

Percentile

72.9%

JSON

Related for CVE-2008-6927