Lucene search

[email protected]CVE-2008-4727

HistoryOct 24, 2008 - 12:00 a.m.

CVE-2008-4727

2008-10-2400:00:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-4727

cross-site scripting

xss

vulnerability

sungard banner student 7.3

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.1%

JSON

Cross-site scripting (XSS) vulnerability in the contact update page (ss/bwgkoemr.P_UpdateEmrgContacts) in SunGard Banner Student 7.3 allows remote attackers to inject arbitrary web script or HTML via the addr1 parameter. NOTE: this might be resultant from a CSRF vulnerability, but there are insufficient details to be sure.

Affected configurations

NVD

Node

sungardbanner_studentMatch7.3

CPENameOperatorVersion
sungard:banner_studentsungard banner studenteq7.3

CPE	Name	Operator	Version
sungard:banner_student	sungard banner student	eq	7.3

References

downloads.securityfocus.com/vulnerabilities/exploits/27490.html

osvdb.org/41077

osvdb.org/41078

securityreason.com/securityalert/4494

www.securityfocus.com/archive/1/487250/100/200/threaded

www.securityfocus.com/bid/27490

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.1%

JSON

Related for CVE-2008-4727

cvelist1 nvd1 prion1