Lucene search

[email protected]CVE-2009-3450

HistorySep 29, 2009 - 3:30 p.m.

CVE-2009-3450

2009-09-2915:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2009-3450

cross-site scripting

xss

webcoremodule.ashx

radactive i-load

remote attackers

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.3 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.

Affected configurations

NVD

Node

radactivei-loadRange≤2008.r2

radactivei-loadMatch1.6.3

radactivei-loadMatch1.6.3.1

radactivei-loadMatch1.6.3.2

radactivei-loadMatch1.6.3.3

radactivei-loadMatch1.7.0.0

radactivei-loadMatch1.7.0.1

radactivei-loadMatch1.7.0.2

radactivei-loadMatch1.7.0.3

radactivei-loadMatch1.7.0.4

radactivei-loadMatch1.7.0.5

radactivei-loadMatch1.7.0.6

radactivei-loadMatch1.7.0.7

radactivei-loadMatch1.7.0.8

radactivei-loadMatch1.7.0.9

radactivei-loadMatch1.7.0.10

radactivei-loadMatch1.7.0.11

radactivei-loadMatch1.7.0.12

radactivei-loadMatch1.7.5.0

radactivei-loadMatch1.7.5.1

radactivei-loadMatch1.7.5.2

radactivei-loadMatch1.7.6.0

radactivei-loadMatch1.7.6.1

radactivei-loadMatch1.7.7.0

radactivei-loadMatch1.7.7.1

radactivei-loadMatch1.7.7.2

radactivei-loadMatch1.7.7.3

radactivei-loadMatch1.7.7.4

radactivei-loadMatch1.7.7.5

radactivei-loadMatch1.7.7.6

radactivei-loadMatch1.7.7.8

radactivei-loadMatch1.7.7.9

radactivei-loadMatch1.7.7.11

radactivei-loadMatch2008.1.0.0

radactivei-loadMatch2008.1.0.1

radactivei-loadMatch2008.1.0.2

radactivei-loadMatch2008.1.1.0

radactivei-loadMatch2008.1.2.0

radactivei-loadMatch2008.1.2.1

radactivei-loadMatch2008.1.3.0

radactivei-loadMatch2008.2.1.0

radactivei-loadMatch2008.2.1.1

radactivei-loadMatch2008.2.2.0

radactivei-loadMatch2008.2.3.0

radactivei-loadMatch2008.2.3.1

radactivei-loadMatch2008.2.3.2

radactivei-loadMatch2008.2.4.0

CPENameOperatorVersion
radactive:i-loadradactive i-loadle2008.r2
radactive:i-loadradactive i-loadeq1.6.3
radactive:i-loadradactive i-loadeq1.6.3.1
radactive:i-loadradactive i-loadeq1.6.3.2
radactive:i-loadradactive i-loadeq1.6.3.3
radactive:i-loadradactive i-loadeq1.7.0.0
radactive:i-loadradactive i-loadeq1.7.0.1
radactive:i-loadradactive i-loadeq1.7.0.2
radactive:i-loadradactive i-loadeq1.7.0.3
radactive:i-loadradactive i-loadeq1.7.0.4

CPE	Name	Operator	Version
radactive:i-load	radactive i-load	le	2008.r2
radactive:i-load	radactive i-load	eq	1.6.3
radactive:i-load	radactive i-load	eq	1.6.3.1
radactive:i-load	radactive i-load	eq	1.6.3.2
radactive:i-load	radactive i-load	eq	1.6.3.3
radactive:i-load	radactive i-load	eq	1.7.0.0
radactive:i-load	radactive i-load	eq	1.7.0.1
radactive:i-load	radactive i-load	eq	1.7.0.2
radactive:i-load	radactive i-load	eq	1.7.0.3
radactive:i-load	radactive i-load	eq	1.7.0.4

Rows per page:

1-10 of 471

References

radnet.radactive.com/forum/Default.aspx?g=posts&t=339

secunia.com/advisories/23807

www.osvdb.org/58195

www.securityfocus.com/archive/1/506555/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/53348

www.sec-consult.com/files/20090917-0_RADactive_I-Load_Multiple_Vulnerabilities.txt

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.3 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.3%

JSON

Related for CVE-2009-3450

prion1 nvd1 cvelist1