Lucene search

[email protected]CVE-2008-3391

HistoryJul 31, 2008 - 4:41 p.m.

CVE-2008-3391

2008-07-3116:41:00

CWE-79

[email protected]

web.nvd.nist.gov

cve

2008

3391

cross-site scripting

xss

web wiz forum

vulnerabilities

remote attack

html injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Web Wiz Forum 9.5 allow remote attackers to inject arbitrary web script or HTML via the mode parameter to (1) admin_group_details.asp and (2) admin_category_details.asp.

Affected configurations

NVD

Node

webwizguideweb_wiz_forumMatch9.5

CPENameOperatorVersion
webwizguide:web_wiz_forumwebwizguide web wiz forumeq9.5

CPE	Name	Operator	Version
webwizguide:web_wiz_forum	webwizguide web wiz forum	eq	9.5

References

depo2.nm.ru/WebWiz_Forum_v9.5_XSS.txt

depo2.nm.ru/WebWiz_Forum_v9.5_XSS2.txt

secunia.com/advisories/31281

www.securityfocus.com/bid/30398

exchange.xforce.ibmcloud.com/vulnerabilities/44012

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.3%

JSON

Related for CVE-2008-3391

prion1 nvd1 cvelist1