Lucene search

MitreCVE-2008-6325

HistoryFeb 27, 2009 - 11:30 a.m.

CVE-2008-6325

2009-02-2711:30:00

CWE-79

mitre

web.nvd.nist.gov

cve

2008

6325

cross-site scripting

xss

softbiz classifieds script

vulnerabilities

remote attackers

web script

html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

56.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306.

Affected configurations

Nvd

Node

softbizscriptsclassifieds_scriptMatch-

VendorProductVersionCPE
softbizscriptsclassifieds_script-cpe:2.3:a:softbizscripts:classifieds_script:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
softbizscripts	classifieds_script	-	cpe:2.3:a:softbizscripts:classifieds_script:-:::::::*

References

packetstorm.linuxsecurity.com/0812-exploits/classifieds-xss.txt

secunia.com/advisories/32828

www.securityfocus.com/bid/32569

exchange.xforce.ibmcloud.com/vulnerabilities/47008

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

56.0%

JSON

Related for CVE-2008-6325