Lucene search

MitreCVE-2008-3028

HistoryJul 07, 2008 - 6:41 p.m.

CVE-2008-3028

2008-07-0718:41:00

CWE-79

mitre

web.nvd.nist.gov

xss

vulnerabilities

typo3

send-a-card

remote attackers

web script

html

cve-2008-3028

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

65.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Send-A-Card (sr_sendcard) extension 2.2.2 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Nvd

Node

typo3send_a_cardRange≤2.2.2

typo3send_a_cardMatch2.2

typo3send_a_cardMatch2.2.1

VendorProductVersionCPE
typo3send_a_card*cpe:2.3:a:typo3:send_a_card:*:*:*:*:*:*:*:*
typo3send_a_card2.2cpe:2.3:a:typo3:send_a_card:2.2:*:*:*:*:*:*:*
typo3send_a_card2.2.1cpe:2.3:a:typo3:send_a_card:2.2.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
typo3	send_a_card	*	cpe:2.3:a:typo3:send_a_card::::::::
typo3	send_a_card	2.2	cpe:2.3:a:typo3:send_a_card:2.2:::::::*
typo3	send_a_card	2.2.1	cpe:2.3:a:typo3:send_a_card:2.2.1:::::::*

References

osvdb.org/46624

secunia.com/advisories/30906

typo3.org/teams/security/security-bulletins/typo3-20080701-3/

www.securityfocus.com/bid/30028

exchange.xforce.ibmcloud.com/vulnerabilities/43510

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

65.5%

JSON

Related for CVE-2008-3028