Lucene search

[email protected]CVE-2008-7089

HistoryAug 26, 2009 - 2:24 p.m.

CVE-2008-7089

2009-08-2614:24:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-7089

cross-site scripting

xss

pligg

security

vulnerability

nvd

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.8%

JSON

Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action to user.php and other unspecified vectors.

CPENameOperatorVersion
pligg:pligg_cmspligg pligg cmsle9.9.0
pligg:pligg_cmspligg pligg cmseq9.5

CPE	Name	Operator	Version
pligg:pligg_cms	pligg pligg cms	le	9.9.0
pligg:pligg_cms	pligg pligg cms	eq	9.5

References

www.gulftech.org/?node=research&article_id=00120-07312008

www.osvdb.org/50186

www.securityfocus.com/archive/1/494987/100/0/threaded

www.securityfocus.com/bid/30458

exchange.xforce.ibmcloud.com/vulnerabilities/44187

www.exploit-db.com/exploits/6173

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.8%

JSON

Related for CVE-2008-7089

prion1 cvelist1