Lucene search

[email protected]CVE-2009-1908

HistoryOct 03, 2022 - 4:23 p.m.

CVE-2009-1908

2022-10-0316:23:58

CWE-79

[email protected]

web.nvd.nist.gov

cve-2009-1908

cross-site scripting

xss

skip

web security

vulnerability

remote attackers

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.5%

JSON

Cross-site scripting (XSS) vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and earlier 1.1RC versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD

Node

openskipskipRange≤1.0.2

openskipskipRange≤1.1rc

openskipskipRange≤1.1rc2

openskipskipMatch0.9

openskipskipMatch1.0.0

openskipskipMatch1.0.1

CPENameOperatorVersion
openskip:skipopenskip skiple1.0.2
openskip:skipopenskip skiple1.1
openskip:skipopenskip skipeq0.9
openskip:skipopenskip skipeq1.0.0
openskip:skipopenskip skipeq1.0.1

CPE	Name	Operator	Version
openskip:skip	openskip skip	le	1.0.2
openskip:skip	openskip skip	le	1.1
openskip:skip	openskip skip	eq	0.9
openskip:skip	openskip skip	eq	1.0.0
openskip:skip	openskip skip	eq	1.0.1

References

dev.openskip.org/redmine/issues/show/677

jvn.jp/en/jp/JVN43233160/index.html

jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000025.html

portal.openskip.org/top/releasenote-ver1-0-0

secunia.com/advisories/35041

www.securityfocus.com/bid/34898

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.5%

JSON

Related for CVE-2009-1908

jvn1 cvelist1 nvd1 prion1