Lucene search

[email protected]CVE-2008-7250

HistoryDec 30, 2009 - 10:30 p.m.

CVE-2008-7250

2009-12-3022:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-7250

cross-site scripting

xss

squid analysis report generator

sarg

security vulnerability

nvd

cve

5.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

50.3%

JSON

Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.4 allows remote attackers to inject arbitrary web script or HTML via a JavaScript onload event in the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: this issue exists because of an incomplete fix for CVE-2008-1168.

CPENameOperatorVersion
pedro_lineu_orso:sargpedro lineu orso sargeq2.2.4

CPE	Name	Operator	Version
pedro_lineu_orso:sarg	pedro lineu orso sarg	eq	2.2.4

References

secunia.com/advisories/28668

sourceforge.net/project/shownotes.php?release_id=581509

www.vupen.com/english/advisories/2008/0750

5.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

50.3%

JSON

Related for CVE-2008-7250

prion2 debiancve2 ubuntucve2 nessus3 cve1 securityvulns2 openvas4 gentoo1