Lucene search

[email protected]CVE-2008-3849

HistoryAug 27, 2008 - 11:41 p.m.

CVE-2008-3849

2008-08-2723:41:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-3849

cross-site scripting

xss

civic website manager

remote attackers

arbitrary web script

html

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.6%

JSON

Cross-site scripting (XSS) vulnerability in the calendar controller in Civic Website Manager before 1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving (1) month, (2) day, and (3) year fields.

Affected configurations

NVD

Node

civic-cmscivic-cmsRange≤1.0

CPENameOperatorVersion
civic-cms:civic-cmscivic-cmsle1.0

CPE	Name	Operator	Version
civic-cms:civic-cms	civic-cms	le	1.0

References

secunia.com/advisories/31609

secunia.com/advisories/31641

sourceforge.net/project/shownotes.php?group_id=234663&release_id=621954

www.securityfocus.com/bid/30833

exchange.xforce.ibmcloud.com/vulnerabilities/44673

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.6%

JSON

Related for CVE-2008-3849

nvd1 prion1 cvelist1