Lucene search

MitreCVE-2008-4637

HistoryOct 21, 2008 - 6:00 p.m.

CVE-2008-4637

2008-10-2118:00:01

CWE-79

mitre

web.nvd.nist.gov

cve-2008-4637

cross-site scripting

xss

cpcommerce

security vulnerability

web script

html

remote attack

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.004

Percentile

74.1%

JSON

Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the advanced search feature. NOTE: this is probably a variant of CVE-2008-4121.

Affected configurations

Nvd

Node

cpcommercecpcommerceRange≤1.2.3

cpcommercecpcommerceMatch0.5f

cpcommercecpcommerceMatch1.0.5

cpcommercecpcommerceMatch1.0.5.1

cpcommercecpcommerceMatch1.0.6

cpcommercecpcommerceMatch1.0.7

cpcommercecpcommerceMatch1.0.7.1

cpcommercecpcommerceMatch1.0.7.2

cpcommercecpcommerceMatch1.0.7.3

cpcommercecpcommerceMatch1.0.7.4

cpcommercecpcommerceMatch1.0.8

cpcommercecpcommerceMatch1.0.9

cpcommercecpcommerceMatch1.0.9a

cpcommercecpcommerceMatch1.1.0

cpcommercecpcommerceMatch1.2.0

cpcommercecpcommerceMatch1.2.1

cpcommercecpcommerceMatch1.2.2

VendorProductVersionCPE
cpcommercecpcommerce*cpe:2.3:a:cpcommerce:cpcommerce:*:*:*:*:*:*:*:*
cpcommercecpcommerce0.5fcpe:2.3:a:cpcommerce:cpcommerce:0.5f:*:*:*:*:*:*:*
cpcommercecpcommerce1.0.5cpe:2.3:a:cpcommerce:cpcommerce:1.0.5:*:*:*:*:*:*:*
cpcommercecpcommerce1.0.5.1cpe:2.3:a:cpcommerce:cpcommerce:1.0.5.1:*:*:*:*:*:*:*
cpcommercecpcommerce1.0.6cpe:2.3:a:cpcommerce:cpcommerce:1.0.6:*:*:*:*:*:*:*
cpcommercecpcommerce1.0.7cpe:2.3:a:cpcommerce:cpcommerce:1.0.7:*:*:*:*:*:*:*
cpcommercecpcommerce1.0.7.1cpe:2.3:a:cpcommerce:cpcommerce:1.0.7.1:*:*:*:*:*:*:*
cpcommercecpcommerce1.0.7.2cpe:2.3:a:cpcommerce:cpcommerce:1.0.7.2:*:*:*:*:*:*:*
cpcommercecpcommerce1.0.7.3cpe:2.3:a:cpcommerce:cpcommerce:1.0.7.3:*:*:*:*:*:*:*
cpcommercecpcommerce1.0.7.4cpe:2.3:a:cpcommerce:cpcommerce:1.0.7.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cpcommerce	cpcommerce	*	cpe:2.3:a:cpcommerce:cpcommerce::::::::
cpcommerce	cpcommerce	0.5f	cpe:2.3:a:cpcommerce:cpcommerce:0.5f:::::::*
cpcommerce	cpcommerce	1.0.5	cpe:2.3:a:cpcommerce:cpcommerce:1.0.5:::::::*
cpcommerce	cpcommerce	1.0.5.1	cpe:2.3:a:cpcommerce:cpcommerce:1.0.5.1:::::::*
cpcommerce	cpcommerce	1.0.6	cpe:2.3:a:cpcommerce:cpcommerce:1.0.6:::::::*
cpcommerce	cpcommerce	1.0.7	cpe:2.3:a:cpcommerce:cpcommerce:1.0.7:::::::*
cpcommerce	cpcommerce	1.0.7.1	cpe:2.3:a:cpcommerce:cpcommerce:1.0.7.1:::::::*
cpcommerce	cpcommerce	1.0.7.2	cpe:2.3:a:cpcommerce:cpcommerce:1.0.7.2:::::::*
cpcommerce	cpcommerce	1.0.7.3	cpe:2.3:a:cpcommerce:cpcommerce:1.0.7.3:::::::*
cpcommerce	cpcommerce	1.0.7.4	cpe:2.3:a:cpcommerce:cpcommerce:1.0.7.4:::::::*

Rows per page:

1-10 of 171

References

cpcommerce.cpradio.org/

exchange.xforce.ibmcloud.com/vulnerabilities/46090

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.004

Percentile

74.1%

JSON

Related for CVE-2008-4637