Lucene search
Japan Vulnerability NotesJVN:31351020HistoryApr 28, 2008 - 12:00 a.m.
JVN#31351020 Cross-site scripting vulnerabilities in multiple Bluemoon Inc. XOOPS modules
2008-04-2800:00:00
Japan Vulnerability Notes
jvn.jp
21
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.003
Percentile
68.2%
Mutiple modules provided by Blumoon Inc. for XOOPS 2.0.x / XOOPS Cube 2.1 / ImpressCMS are vulnerable to cross-site scripting.
Impact
An arbitrary script can be executed on the user’s web browser.
Solution
Update the Software
Update the product to the latest version according to the information provided by the vendor.
Products Affected
- Backpack version 0.91 and earlier
- Bmsurvey version 0.84 and earlier
- Newbb_fileup version 1.83 and earlier
- News_embed version 1.44 ( news_fileup ) and earlier
- Popnupblog version 3.19 and earlier
Related
nvd
nvd
CVE-2008-2035
2008-04-30 16:17:00
cvelist
cvelist
CVE-2008-2035
2008-04-30 15:00:00
cve
cve
CVE-2008-2035
2008-04-30 16:17:00
prion
prion
Cross site scripting
2008-04-30 16:17:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.003
Percentile
68.2%
Related for JVN:31351020