Lucene search

[email protected]CVE-2008-1916

HistoryApr 23, 2008 - 1:05 p.m.

CVE-2008-1916

2008-04-2313:05:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-1916

cross-site scripting

xss

ubercart

drupal

remote attackers

web script

html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-rc1 module for Drupal allow remote attackers to inject arbitrary web script or HTML via text fields intended for the (1) address and (2) order information, which are later displayed on the order view page and unspecified other administrative pages, a different vulnerability than CVE-2008-1428.

Affected configurations

NVD

Node

drupalubercart_moduleMatch5-1.0rc1

CPENameOperatorVersion
drupal:ubercart_moduledrupal ubercart moduleeq5-1.0

CPE	Name	Operator	Version
drupal:ubercart_module	drupal ubercart module	eq	5-1.0

References

drupal.org/node/241944

www.vupen.com/english/advisories/2008/1083/references

exchange.xforce.ibmcloud.com/vulnerabilities/41624

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.0%

JSON

Related for CVE-2008-1916

nvd3 cvelist3 prion3 cve2