Lucene search

MitreCVE-2008-1716

HistoryApr 09, 2008 - 9:05 p.m.

CVE-2008-1716

2008-04-0921:05:00

CWE-79

mitre

web.nvd.nist.gov

cve-2008-1716

cross-site scripting

xss

woltlab community framework

wcf

woltlab burning board

web security

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

68.5%

JSON

Cross-site scripting (XSS) vulnerability in WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the (1) page and (2) form parameters, which are not properly handled when they are reflected back in an error message.

Affected configurations

Nvd

Node

woltlabburning_boardMatch3.0.5

VendorProductVersionCPE
woltlabburning_board3.0.5cpe:2.3:a:woltlab:burning_board:3.0.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
woltlab	burning_board	3.0.5	cpe:2.3:a:woltlab:burning_board:3.0.5:::::::*

References

archives.neohapsis.com/archives/fulldisclosure/2008-04/0161.html

lists.grok.org.uk/pipermail/full-disclosure/2008-April/061271.html

secunia.com/advisories/29719

www.securityfocus.com/archive/1/490560/100/0/threaded

www.securityfocus.com/archive/1/490782/100/0/threaded

www.securityfocus.com/bid/28678

exchange.xforce.ibmcloud.com/vulnerabilities/41714

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

68.5%

JSON

Related for CVE-2008-1716