Lucene search

[email protected]CVE-2008-3098

HistorySep 24, 2008 - 2:56 p.m.

CVE-2008-3098

2008-09-2414:56:49

CWE-79

[email protected]

web.nvd.nist.gov

cve

2008

3098

cross-site scripting

xss

vulnerability

admin

usercheck.php

fuzzylime

cms

web script

html

remote attackers

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.2%

JSON

Cross-site scripting (XSS) vulnerability in admin/usercheck.php in fuzzylime (cms) before 3.03 allows remote attackers to inject arbitrary web script or HTML via the user parameter to the login form.

Affected configurations

NVD

Node

fuzzylimefuzzylime_cmsMatch3.0

fuzzylimefuzzylime_cmsMatch3.01

fuzzylimefuzzylime_cmsMatch3.01a

fuzzylimefuzzylime_cmsMatch3.01b

fuzzylimefuzzylime_cmsMatch3.02

CPENameOperatorVersion
fuzzylime:fuzzylime_cmsfuzzylime fuzzylime cmseq3.0
fuzzylime:fuzzylime_cmsfuzzylime fuzzylime cmseq3.01
fuzzylime:fuzzylime_cmsfuzzylime fuzzylime cmseq3.01a
fuzzylime:fuzzylime_cmsfuzzylime fuzzylime cmseq3.01b
fuzzylime:fuzzylime_cmsfuzzylime fuzzylime cmseq3.02

CPE	Name	Operator	Version
fuzzylime:fuzzylime_cms	fuzzylime fuzzylime cms	eq	3.0
fuzzylime:fuzzylime_cms	fuzzylime fuzzylime cms	eq	3.01
fuzzylime:fuzzylime_cms	fuzzylime fuzzylime cms	eq	3.01a
fuzzylime:fuzzylime_cms	fuzzylime fuzzylime cms	eq	3.01b
fuzzylime:fuzzylime_cms	fuzzylime fuzzylime cms	eq	3.02

References

cms.fuzzylime.co.uk/st/content/download/

secunia.com/advisories/31980

securityreason.com/securityalert/4303

www.datensalat.eu/~fabian/cve/CVE-2008-3098-fuzzylime-cms.html

www.securityfocus.com/archive/1/496589/100/0/threaded

www.securityfocus.com/bid/31306

www.vupen.com/english/advisories/2008/2650

exchange.xforce.ibmcloud.com/vulnerabilities/45342

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.2%

JSON

Related for CVE-2008-3098

securityvulns2 prion1 packetstorm1 cvelist1 nvd1