Lucene search

MitreCVE-2008-1896

HistoryApr 18, 2008 - 10:05 p.m.

CVE-2008-1896

2008-04-1822:05:00

CWE-79

mitre

web.nvd.nist.gov

cve-2008-1896

cross-site scripting

xss

carbon communities

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

66.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Redirect parameter to login.asp and the (2) OrderBy parameter to member_send.asp.

Affected configurations

Nvd

Node

carboncommunitiescarbon_communitiesRange≤2.4

carboncommunitiescarbon_communitiesMatch1.0

carboncommunitiescarbon_communitiesMatch1.1

carboncommunitiescarbon_communitiesMatch2.1

carboncommunitiescarbon_communitiesMatch2.2

carboncommunitiescarbon_communitiesMatch2.3

VendorProductVersionCPE
carboncommunitiescarbon_communities*cpe:2.3:a:carboncommunities:carbon_communities:*:*:*:*:*:*:*:*
carboncommunitiescarbon_communities1.0cpe:2.3:a:carboncommunities:carbon_communities:1.0:*:*:*:*:*:*:*
carboncommunitiescarbon_communities1.1cpe:2.3:a:carboncommunities:carbon_communities:1.1:*:*:*:*:*:*:*
carboncommunitiescarbon_communities2.1cpe:2.3:a:carboncommunities:carbon_communities:2.1:*:*:*:*:*:*:*
carboncommunitiescarbon_communities2.2cpe:2.3:a:carboncommunities:carbon_communities:2.2:*:*:*:*:*:*:*
carboncommunitiescarbon_communities2.3cpe:2.3:a:carboncommunities:carbon_communities:2.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
carboncommunities	carbon_communities	*	cpe:2.3:a:carboncommunities:carbon_communities::::::::
carboncommunities	carbon_communities	1.0	cpe:2.3:a:carboncommunities:carbon_communities:1.0:::::::*
carboncommunities	carbon_communities	1.1	cpe:2.3:a:carboncommunities:carbon_communities:1.1:::::::*
carboncommunities	carbon_communities	2.1	cpe:2.3:a:carboncommunities:carbon_communities:2.1:::::::*
carboncommunities	carbon_communities	2.2	cpe:2.3:a:carboncommunities:carbon_communities:2.2:::::::*
carboncommunities	carbon_communities	2.3	cpe:2.3:a:carboncommunities:carbon_communities:2.3:::::::*

References

bugreport.ir/index.php?/35

secunia.com/advisories/29827

www.securityfocus.com/archive/1/490923/100/0/threaded

www.securityfocus.com/bid/28806

exchange.xforce.ibmcloud.com/vulnerabilities/41846

www.exploit-db.com/exploits/5456

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

66.0%

JSON

Related for CVE-2008-1896