Lucene search

[email protected]CVE-2008-7108

HistoryAug 28, 2009 - 3:30 p.m.

CVE-2008-7108

2009-08-2815:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-7108

cross-site scripting

xss

carmosa phpcart

remote attackers

injection

arbitrary

web script

html

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Carmosa phpCart 3.4 through 4.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) quantity or (2) Add Engraving fields to the default URI; (3) Quantity field to phpcart.php; (4) Name, (5) Company, (6) Address, (7) City, and (8) Province/State fields in a checkout action to phpcart.php; and other unspecified vectors.

Affected configurations

NVD

Node

phpcartphpcartMatch3.4

CPENameOperatorVersion
phpcart:phpcartphpcarteq3.4

CPE	Name	Operator	Version
phpcart:phpcart	phpcart	eq	3.4

References

www.securityfocus.com/archive/1/495806/100/0/threaded

www.securityfocus.com/bid/30884

exchange.xforce.ibmcloud.com/vulnerabilities/44760

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.0%

JSON

Related for CVE-2008-7108

prion1 cvelist1 nvd1