CVE-2009-4882
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.6 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
72.5%
Cross-site scripting (XSS) vulnerability in zc/publisher/html.rb in ZoneCheck 2.0.4-13 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the ns parameter to zc.cgi.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| zonecheck:zonecheck | zonecheck | eq | 2.0.4-13 |
| zonecheck:zonecheck | zonecheck | eq | 2.1.0 |
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=583290
cvs.savannah.gnu.org/viewvc/zonecheck/zc/publisher/html.rb?root=zonecheck&r1=1.79&r2=1.80
cvs.savannah.gnu.org/viewvc/zonecheck/zc/publisher/html.rb?root=zonecheck&view=log#rev1.80
secunia.com/advisories/39940
secunia.com/advisories/40083
www.debian.org/security/2010/dsa-2056
www.vupen.com/english/advisories/2010/1351
www.vupen.com/english/advisories/2010/1354
www.xssed.com/mirror/61096/
savannah.nongnu.org/bugs/?29967
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.6 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
72.5%