Lucene search

K
nvd[email protected]NVD:CVE-2008-6510
HistoryMar 23, 2009 - 8:00 p.m.

CVE-2008-6510

2009-03-2320:00:00
CWE-79
web.nvd.nist.gov
7

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.005

Percentile

75.5%

Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to inject arbitrary web script or HTML via the url parameter.

Affected configurations

Nvd
Node
igniterealtimeopenfireRange3.6.0a
OR
igniterealtimeopenfireMatch2.6.0
OR
igniterealtimeopenfireMatch2.6.1
OR
igniterealtimeopenfireMatch2.6.2
OR
igniterealtimeopenfireMatch3.0.0
OR
igniterealtimeopenfireMatch3.0.1
OR
igniterealtimeopenfireMatch3.1.0
OR
igniterealtimeopenfireMatch3.1.1
OR
igniterealtimeopenfireMatch3.2.0
OR
igniterealtimeopenfireMatch3.2.1
OR
igniterealtimeopenfireMatch3.2.2
OR
igniterealtimeopenfireMatch3.2.3
OR
igniterealtimeopenfireMatch3.2.4
OR
igniterealtimeopenfireMatch3.3.0
OR
igniterealtimeopenfireMatch3.3.2
OR
igniterealtimeopenfireMatch3.3.3
OR
igniterealtimeopenfireMatch3.4.0
OR
igniterealtimeopenfireMatch3.4.1
OR
igniterealtimeopenfireMatch3.4.3
OR
igniterealtimeopenfireMatch3.4.4
OR
igniterealtimeopenfireMatch3.4.5
OR
igniterealtimeopenfireMatch3.5.0
OR
igniterealtimeopenfireMatch3.5.1
OR
igniterealtimeopenfireMatch3.5.2
OR
igniterealtimeopenfireMatch3.6.0

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.005

Percentile

75.5%