ID CVE-2008-7092 Type cve Reporter cve@mitre.org Modified 2017-08-17T01:29:00
Description
Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to inject arbitrary web script or HTML via a Javascript event in the (1) url, (2) PageName, and (3) title parameters in a CustomBookMarkLink action to Campaign/Campaign; (4) a Javascript event in the displayIcon parameter to Campaign/updateOfferTemplateSubmit.do (aka the templates web page); (5) crafted input to Campaign/CampaignListener (aka the listener server), which is not properly handled when displaying the status log; and (6) id parameter to Campaign/campaignDetails.do, (7) id parameter to Campaign/offerDetails.do, (8) function parameter to Campaign/Campaign, (9) sessionID parameter to Campaign/runAllFlowchart.do, (10) id parameter in an edit action to Campaign/updateOfferTemplatePage.do, (11) Frame parameter in a LoadFrame action to Campaign/Campaign, (12) affiniumUserName parameter to manager/jsp/test.jsp, (13) affiniumUserName parameter to Campaign/main.do, and possibly other vectors.
{"id": "CVE-2008-7092", "bulletinFamily": "NVD", "title": "CVE-2008-7092", "description": "Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to inject arbitrary web script or HTML via a Javascript event in the (1) url, (2) PageName, and (3) title parameters in a CustomBookMarkLink action to Campaign/Campaign; (4) a Javascript event in the displayIcon parameter to Campaign/updateOfferTemplateSubmit.do (aka the templates web page); (5) crafted input to Campaign/CampaignListener (aka the listener server), which is not properly handled when displaying the status log; and (6) id parameter to Campaign/campaignDetails.do, (7) id parameter to Campaign/offerDetails.do, (8) function parameter to Campaign/Campaign, (9) sessionID parameter to Campaign/runAllFlowchart.do, (10) id parameter in an edit action to Campaign/updateOfferTemplatePage.do, (11) Frame parameter in a LoadFrame action to Campaign/Campaign, (12) affiniumUserName parameter to manager/jsp/test.jsp, (13) affiniumUserName parameter to Campaign/main.do, and possibly other vectors.", "published": "2009-08-26T14:24:00", "modified": "2017-08-17T01:29:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7092", "reporter": "cve@mitre.org", "references": ["http://www.osvdb.org/47528", "http://www.portcullis.co.uk/286.php", "http://www.osvdb.org/47522", "http://www.osvdb.org/47520", "http://www.osvdb.org/47526", "http://www.osvdb.org/47521", "http://www.osvdb.org/47524", "http://www.portcullis.co.uk/289.php", "https://exchange.xforce.ibmcloud.com/vulnerabilities/44074", "http://secunia.com/advisories/31280", "http://www.securityfocus.com/bid/30433", "http://www.portcullis.co.uk/288.php", "https://exchange.xforce.ibmcloud.com/vulnerabilities/44072", "http://www.osvdb.org/47530", "http://www.osvdb.org/47523", "http://www.portcullis.co.uk/290.php", "https://exchange.xforce.ibmcloud.com/vulnerabilities/44073", "http://www.osvdb.org/47525"], "cvelist": ["CVE-2008-7092"], "type": "cve", "lastseen": "2019-05-29T18:09:30", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "2aba994c5752cd58513283c34e2a06a9"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "6e2820b903382a1a623b0c26acbaf88d"}, {"key": "cpe23", "hash": "c13d8a0ab0faa688998fc617ccee06d4"}, {"key": "cvelist", "hash": "510541c64263530b8e67d04dee2dcbd3"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "25131d66a9f3961140b068f4b41aa42b"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "34e69e045b64924bccf865d56b6918a2"}, {"key": "description", "hash": "a041bbfc36804b239fe26b8cce1b9c29"}, {"key": "href", "hash": "a1a302d2b031d6a013e8e7c1d6bd1814"}, {"key": "modified", "hash": "042be6a55c0100aa7f711b7156c9abb7"}, {"key": "published", "hash": "0b86931c51e60d02c80211429c42ce3c"}, {"key": "references", "hash": "c7ecfe362de6edb606434298169f1fa6"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "9101a0aa90ba7a507d446bab11f1cb46"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "84290651137e5cadbfca065192e5a41e9acdc5cfb7647cea6d542fde8841e74c", "viewCount": 0, "enchantments": {"score": {"value": 1.8, "vector": "NONE", "modified": "2019-05-29T18:09:30"}, "dependencies": {"references": [], "modified": "2019-05-29T18:09:30"}, "vulnersScore": 1.8}, "objectVersion": "1.3", "cpe": ["cpe:/a:unica:affinium_campaign:7.2.1.0.55"], "affectedSoftware": [{"name": "unica affinium_campaign", "operator": "eq", "version": "7.2.1.0.55"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "cpe23": ["cpe:2.3:a:unica:affinium_campaign:7.2.1.0.55:*:*:*:*:*:*:*"], "cwe": ["CWE-79"]}
