Lucene search

[email protected]NVD:CVE-2009-2302

HistoryJul 02, 2009 - 10:30 a.m.

CVE-2009-2302

2009-07-0210:30:00

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.8%

JSON

Cross-site scripting (XSS) vulnerability in index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action. NOTE: it was later reported that 5.2.1 is also affected.

Affected configurations

NVD

Node

avaticaardvark_topsites_phpRange≤5.2.0

avaticaardvark_topsites_phpMatch4.0.2

avaticaardvark_topsites_phpMatch4.1.1

avaticaardvark_topsites_phpMatch4.2.2

avaticaardvark_topsites_phpMatch5

avaticaardvark_topsites_phpMatch5.0.3

avaticaardvark_topsites_phpMatch5.1.2

References

secunia.com/advisories/41985

websec.id3as.com/aardvark-topsites-php-521-security-vulnerabilities-disclosure/

www.securityfocus.com/archive/1/504574/100/0/threaded

www.securityfocus.com/archive/1/514423/100/0/threaded

www.securityfocus.com/bid/35506

exchange.xforce.ibmcloud.com/vulnerabilities/51391

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.8%

JSON

Related for NVD:CVE-2009-2302

cve2 cvelist2 prion2 nvd1