Lucene search

MitreCVE-2009-0359

HistoryFeb 17, 2009 - 5:30 p.m.

CVE-2009-0359

2009-02-1717:30:05

CWE-79

mitre

web.nvd.nist.gov

cve-2009-0359

cross-site scripting

xss

samizdat

security vulnerability

remote authenticated users

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

44.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before 0.6.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message title or (2) user full name.

Affected configurations

Nvd

Node

nongnusamizdatRange≤0.6.1

VendorProductVersionCPE
nongnusamizdat*cpe:2.3:a:nongnu:samizdat:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nongnu	samizdat	*	cpe:2.3:a:nongnu:samizdat::::::::

References

osvdb.org/52022

samizdat.nongnu.org/release-notes/samizdat-0.6.1-xss-escape-title.patch

www.mail-archive.com/debian-testing-security-announce%40lists.debian.org/msg00171.html

www.nongnu.org/samizdat/release-notes/samizdat-0.6.2.html

www.securityfocus.com/archive/1/500961/100/0/threaded

www.securityfocus.com/bid/33768

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

44.4%

JSON

Related for CVE-2009-0359