Lucene search

[email protected]CVE-2008-7171

HistorySep 08, 2009 - 10:30 a.m.

CVE-2008-7171

2009-09-0810:30:01

CWE-79

[email protected]

web.nvd.nist.gov

cve

2008

7171

xss

vulnerabilities

lightweight news portal

lnp

nvd

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Lightweight news portal (LNP) 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) photo parameter to show_photo.php, (2) potd parameter to show_potd.php, or (3) the Current question field in a vote action to admin.php.

Affected configurations

NVD

Node

yanick_bourbeaulightweight_news_portalMatch1.0b

CPENameOperatorVersion
yanick_bourbeau:lightweight_news_portalyanick bourbeau lightweight news portaleq1.0b

CPE	Name	Operator	Version
yanick_bourbeau:lightweight_news_portal	yanick bourbeau lightweight news portal	eq	1.0b

References

www.securityfocus.com/bid/29848

exchange.xforce.ibmcloud.com/vulnerabilities/43224

exchange.xforce.ibmcloud.com/vulnerabilities/43226

www.exploit-db.com/exploits/5873

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.3%

JSON

Related for CVE-2008-7171

nvd1 cvelist1 prion1