Lucene search

MitreCVE-2009-4717

HistoryMar 15, 2010 - 9:30 p.m.

CVE-2009-4717

2010-03-1521:30:01

CWE-79

mitre

web.nvd.nist.gov

security

web security

web vulnerabilities

cross-site scripting

xss

gonafish webstatcaffe

cve-2009-4717"

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

56.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Gonafish WebStatCaffe allow remote attackers to inject arbitrary web script or HTML via the (1) host parameter to stat/host.php, nodayshow parameter to (2) mostvisitpage.php and (3) visitorduration.php in stat/, (4) nopagesmost parameter to stat/mostvisitpagechart.php, and date parameter to (5) pageviewers.php, (6) pageviewerschart.php, and (7) referer.php in stat/.

Affected configurations

Nvd

Node

gonafishwebstatcaffe

VendorProductVersionCPE
gonafishwebstatcaffe*cpe:2.3:a:gonafish:webstatcaffe:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gonafish	webstatcaffe	*	cpe:2.3:a:gonafish:webstatcaffe::::::::

References

packetstormsecurity.org/0907-exploits/webstatcaffe-xss.txt

secunia.com/advisories/36068

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

56.5%

JSON

Related for CVE-2009-4717