Lucene search

[email protected]NVD:CVE-2008-6325

HistoryFeb 27, 2009 - 11:30 a.m.

CVE-2008-6325

2009-02-2711:30:00

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306.

Affected configurations

NVD

Node

softbizscriptsclassifieds_scriptMatch-

References

packetstorm.linuxsecurity.com/0812-exploits/classifieds-xss.txt

secunia.com/advisories/32828

www.securityfocus.com/bid/32569

exchange.xforce.ibmcloud.com/vulnerabilities/47008

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.1%

JSON

Related for NVD:CVE-2008-6325

cve2 prion2 cvelist2 openvas2 nvd1