Lucene search

MitreCVE-2008-2176

HistoryMay 13, 2008 - 10:20 p.m.

CVE-2008-2176

2008-05-1322:20:00

CWE-79

mitre

web.nvd.nist.gov

cve-2008-2176

cross-site scripting

xss

vulnerability

zomplog

admin/category.php

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

68.2%

JSON

Cross-site scripting (XSS) vulnerability in admin/category.php in Zomplog 3.8.2 allows remote attackers to inject arbitrary web script or HTML via the catname parameter.

Affected configurations

Nvd

Node

zompzomplogMatch3.8.2

VendorProductVersionCPE
zompzomplog3.8.2cpe:2.3:a:zomp:zomplog:3.8.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zomp	zomplog	3.8.2	cpe:2.3:a:zomp:zomplog:3.8.2:::::::*

References

secunia.com/advisories/30062

securityreason.com/securityalert/3870

www.securityfocus.com/archive/1/491553/100/0/threaded

www.securityfocus.com/bid/29021

exchange.xforce.ibmcloud.com/vulnerabilities/42146

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

68.2%

JSON

Related for CVE-2008-2176