Lucene search

[email protected]CVE-2008-7250

HistoryOct 03, 2022 - 4:13 p.m.

CVE-2008-7250

2022-10-0316:13:53

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-7250

cross-site scripting

xss

squid analysis report generator

sarg

security vulnerability

nvd

cve

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.9%

JSON

Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.4 allows remote attackers to inject arbitrary web script or HTML via a JavaScript onload event in the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: this issue exists because of an incomplete fix for CVE-2008-1168.

Affected configurations

NVD

Node

pedro_lineu_orsosargMatch2.2.4

CPENameOperatorVersion
pedro_lineu_orso:sargpedro lineu orso sargeq2.2.4

CPE	Name	Operator	Version
pedro_lineu_orso:sarg	pedro lineu orso sarg	eq	2.2.4

References

secunia.com/advisories/28668

sourceforge.net/project/shownotes.php?release_id=581509

www.vupen.com/english/advisories/2008/0750

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.9%

JSON

Related for CVE-2008-7250

ubuntucve2 nvd2 cvelist2 debiancve2 prion2 nessus3 cve1 openvas4 securityvulns2 gentoo1