Lucene search

MitreCVE-2009-0404

HistoryFeb 03, 2009 - 7:30 p.m.

CVE-2009-0404

2009-02-0319:30:00

CWE-79

mitre

web.nvd.nist.gov

cve-2009-0404

cross-site scripting

xss

bioinformatics

htmlawed

internet explorer 7

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.003

Percentile

69.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Bioinformatics htmLawed 1.1.3 and 1.1.4 allow remote attackers to inject arbitrary web script or HTML via invalid Cascading Style Sheets (CSS) expressions in the style attribute, which is processed by Internet Explorer 7.

Affected configurations

Nvd

Node

bioinformaticshtmlawedRange≤1.1.3

bioinformaticshtmlawedMatch1.0

bioinformaticshtmlawedMatch1.0.1

bioinformaticshtmlawedMatch1.0.2

bioinformaticshtmlawedMatch1.0.3

bioinformaticshtmlawedMatch1.0.4

bioinformaticshtmlawedMatch1.0.5

bioinformaticshtmlawedMatch1.0.6

bioinformaticshtmlawedMatch1.0.7

bioinformaticshtmlawedMatch1.0.8

bioinformaticshtmlawedMatch1.0.9

bioinformaticshtmlawedMatch1.1

bioinformaticshtmlawedMatch1.1.1

bioinformaticshtmlawedMatch1.1.2

VendorProductVersionCPE
bioinformaticshtmlawed*cpe:2.3:a:bioinformatics:htmlawed:*:*:*:*:*:*:*:*
bioinformaticshtmlawed1.0cpe:2.3:a:bioinformatics:htmlawed:1.0:*:*:*:*:*:*:*
bioinformaticshtmlawed1.0.1cpe:2.3:a:bioinformatics:htmlawed:1.0.1:*:*:*:*:*:*:*
bioinformaticshtmlawed1.0.2cpe:2.3:a:bioinformatics:htmlawed:1.0.2:*:*:*:*:*:*:*
bioinformaticshtmlawed1.0.3cpe:2.3:a:bioinformatics:htmlawed:1.0.3:*:*:*:*:*:*:*
bioinformaticshtmlawed1.0.4cpe:2.3:a:bioinformatics:htmlawed:1.0.4:*:*:*:*:*:*:*
bioinformaticshtmlawed1.0.5cpe:2.3:a:bioinformatics:htmlawed:1.0.5:*:*:*:*:*:*:*
bioinformaticshtmlawed1.0.6cpe:2.3:a:bioinformatics:htmlawed:1.0.6:*:*:*:*:*:*:*
bioinformaticshtmlawed1.0.7cpe:2.3:a:bioinformatics:htmlawed:1.0.7:*:*:*:*:*:*:*
bioinformaticshtmlawed1.0.8cpe:2.3:a:bioinformatics:htmlawed:1.0.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bioinformatics	htmlawed	*	cpe:2.3:a:bioinformatics:htmlawed::::::::
bioinformatics	htmlawed	1.0	cpe:2.3:a:bioinformatics:htmlawed:1.0:::::::*
bioinformatics	htmlawed	1.0.1	cpe:2.3:a:bioinformatics:htmlawed:1.0.1:::::::*
bioinformatics	htmlawed	1.0.2	cpe:2.3:a:bioinformatics:htmlawed:1.0.2:::::::*
bioinformatics	htmlawed	1.0.3	cpe:2.3:a:bioinformatics:htmlawed:1.0.3:::::::*
bioinformatics	htmlawed	1.0.4	cpe:2.3:a:bioinformatics:htmlawed:1.0.4:::::::*
bioinformatics	htmlawed	1.0.5	cpe:2.3:a:bioinformatics:htmlawed:1.0.5:::::::*
bioinformatics	htmlawed	1.0.6	cpe:2.3:a:bioinformatics:htmlawed:1.0.6:::::::*
bioinformatics	htmlawed	1.0.7	cpe:2.3:a:bioinformatics:htmlawed:1.0.7:::::::*
bioinformatics	htmlawed	1.0.8	cpe:2.3:a:bioinformatics:htmlawed:1.0.8:::::::*

Rows per page:

1-10 of 141

References

freshmeat.net/projects/htmlawed/?branch_id=74760&release_id=293026

freshmeat.net/projects/htmlawed/?branch_id=74760&release_id=293090

osvdb.org/51650

secunia.com/advisories/33655

www.bioinformatics.org/phplabware/forum/viewtopic.php?id=85

www.bioinformatics.org/phplabware/internal_utilities/htmLawed/htmLawed_README.htm#s4.3

www.securityfocus.com/bid/33507

exchange.xforce.ibmcloud.com/vulnerabilities/48333

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.003

Percentile

69.3%

JSON

Related for CVE-2009-0404