Lucene search

[email protected]NVD:CVE-2008-1225

HistoryMar 10, 2008 - 5:44 p.m.

CVE-2008-1225

2008-03-1017:44:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.3

Confidence

High

EPSS

0.004

Percentile

74.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in WebCT Campus Edition 4.1.5.8, when “Don’t wrap text” is enabled, allow remote authenticated users to inject arbitrary web script or HTML via a (1) mail message or (2) discussion board message. NOTE: this might overlap CVE-2005-1076.

Affected configurations

Nvd

Node

webctwebctMatch4.1.5.8campus_edition

VendorProductVersionCPE
webctwebct4.1.5.8cpe:2.3:a:webct:webct:4.1.5.8:*:campus_edition:*:*:*:*:*

Vendor	Product	Version	CPE
webct	webct	4.1.5.8	cpe:2.3:a:webct:webct:4.1.5.8::campus_edition:::::

References

marc.info/?l=full-disclosure&m=120471944119467&w=2

secunia.com/advisories/29227

www.balupton.com/blogs/dev?title=webct_session_stealer_exploit

www.balupton.com/documents/webct_exploits.txt

www.securityfocus.com/bid/28107

exchange.xforce.ibmcloud.com/vulnerabilities/41047

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.3

Confidence

High

EPSS

0.004

Percentile

74.1%

JSON

Related for NVD:CVE-2008-1225

cvelist2 prion1 cve2 exploitdb2 nvd1