Lucene search

MitreCVE-2008-5126

HistoryNov 18, 2008 - 2:30 a.m.

CVE-2008-5126

2008-11-1802:30:00

CWE-79

mitre

web.nvd.nist.gov

cve-2008-5126

cross-site scripting

xss

boutikone cms

search.php

security vulnerability

web script injection

html injection

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

57.2%

JSON

Cross-site scripting (XSS) vulnerability in search.php in BoutikOne CMS allows remote attackers to inject arbitrary web script or HTML via the search_query parameter.

Affected configurations

Nvd

Node

boutikoneboutikone_cms

VendorProductVersionCPE
boutikoneboutikone_cms*cpe:2.3:a:boutikone:boutikone_cms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
boutikone	boutikone_cms	*	cpe:2.3:a:boutikone:boutikone_cms::::::::

References

packetstorm.linuxsecurity.com/0811-exploits/boutikone-xss.txt

secunia.com/advisories/32757

www.securityfocus.com/bid/32321

exchange.xforce.ibmcloud.com/vulnerabilities/46621

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

57.2%

JSON

Related for CVE-2008-5126