Lucene search

[email protected]CVE-2008-3305

HistoryJul 25, 2008 - 4:41 p.m.

CVE-2008-3305

2008-07-2516:41:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-3305

cross-site scripting

xss

mensaje.php

c. desseno youtube blog

ytb 0.1

nvd

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.7%

JSON

Cross-site scripting (XSS) vulnerability in mensaje.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to inject arbitrary web script or HTML via the m parameter.

Affected configurations

NVD

Node

carlos_dessenoyoutube_blogMatch0.1

CPENameOperatorVersion
carlos_desseno:youtube_blogcarlos desseno youtube blogeq0.1

CPE	Name	Operator	Version
carlos_desseno:youtube_blog	carlos desseno youtube blog	eq	0.1

References

secunia.com/advisories/31161

securityreason.com/securityalert/4037

www.securityfocus.com/bid/30345

exchange.xforce.ibmcloud.com/vulnerabilities/43953

www.exploit-db.com/exploits/6117

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.7%

JSON

Related for CVE-2008-3305

cvelist1 nvd1 prion1