Lucene search

[email protected]NVD:CVE-2008-4903

HistoryNov 04, 2008 - 12:58 a.m.

CVE-2008-4903

2008-11-0400:58:40

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

65.5%

JSON

Cross-site scripting (XSS) vulnerability in the leave comment (feedback) feature in Typo 5.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) comment[author] (Name) and (2) comment[url] (Website) parameters.

Affected configurations

Nvd

Node

typospheretypoRange≤5.1.3

typospheretypoMatch1.6

typospheretypoMatch1.6.8

typospheretypoMatch2.0.0

typospheretypoMatch2.0.1

typospheretypoMatch2.0.5

typospheretypoMatch2.0.6

typospheretypoMatch2.5.0

typospheretypoMatch2.5.1

typospheretypoMatch2.5.2

typospheretypoMatch2.5.3

typospheretypoMatch2.5.4

typospheretypoMatch2.5.5

typospheretypoMatch2.5.6

typospheretypoMatch2.5.7

typospheretypoMatch2.5.8

typospheretypoMatch2.6.0

typospheretypoMatch3.99.0

typospheretypoMatch3.99.1

typospheretypoMatch3.99.2

typospheretypoMatch3.99.3

typospheretypoMatch3.99.4

typospheretypoMatch4.0.0

typospheretypoMatch4.1.1

typospheretypoMatch5.0.2

typospheretypoMatch5.0.3

typospheretypoMatch5.0.3.98

typospheretypoMatch5.0.3.98.1

typospheretypoMatch5.1

typospheretypoMatch5.1.1

typospheretypoMatch5.1.2

VendorProductVersionCPE
typospheretypo*cpe:2.3:a:typosphere:typo:*:*:*:*:*:*:*:*
typospheretypo1.6cpe:2.3:a:typosphere:typo:1.6:*:*:*:*:*:*:*
typospheretypo1.6.8cpe:2.3:a:typosphere:typo:1.6.8:*:*:*:*:*:*:*
typospheretypo2.0.0cpe:2.3:a:typosphere:typo:2.0.0:*:*:*:*:*:*:*
typospheretypo2.0.1cpe:2.3:a:typosphere:typo:2.0.1:*:*:*:*:*:*:*
typospheretypo2.0.5cpe:2.3:a:typosphere:typo:2.0.5:*:*:*:*:*:*:*
typospheretypo2.0.6cpe:2.3:a:typosphere:typo:2.0.6:*:*:*:*:*:*:*
typospheretypo2.5.0cpe:2.3:a:typosphere:typo:2.5.0:*:*:*:*:*:*:*
typospheretypo2.5.1cpe:2.3:a:typosphere:typo:2.5.1:*:*:*:*:*:*:*
typospheretypo2.5.2cpe:2.3:a:typosphere:typo:2.5.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
typosphere	typo	*	cpe:2.3:a:typosphere:typo::::::::
typosphere	typo	1.6	cpe:2.3:a:typosphere:typo:1.6:::::::*
typosphere	typo	1.6.8	cpe:2.3:a:typosphere:typo:1.6.8:::::::*
typosphere	typo	2.0.0	cpe:2.3:a:typosphere:typo:2.0.0:::::::*
typosphere	typo	2.0.1	cpe:2.3:a:typosphere:typo:2.0.1:::::::*
typosphere	typo	2.0.5	cpe:2.3:a:typosphere:typo:2.0.5:::::::*
typosphere	typo	2.0.6	cpe:2.3:a:typosphere:typo:2.0.6:::::::*
typosphere	typo	2.5.0	cpe:2.3:a:typosphere:typo:2.5.0:::::::*
typosphere	typo	2.5.1	cpe:2.3:a:typosphere:typo:2.5.1:::::::*
typosphere	typo	2.5.2	cpe:2.3:a:typosphere:typo:2.5.2:::::::*

Rows per page:

1-10 of 311

References

secunia.com/advisories/32272

securityreason.com/securityalert/4550

www.securityfocus.com/archive/1/497970

www.securityfocus.com/bid/31993

exchange.xforce.ibmcloud.com/vulnerabilities/46204

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

65.5%

JSON

Related for NVD:CVE-2008-4903

prion1 cve1 ubuntucve1 cvelist1