Lucene search

[email protected]CVE-2009-1408

HistoryApr 24, 2009 - 2:30 p.m.

CVE-2009-1408

2009-04-2414:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2009-1408

cross-site scripting

xss

webspell

remote attackers

web script

html

javascript events

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.5%

JSON

Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows remote attackers to inject arbitrary web script or HTML allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover in nested BBcode tags, as demonstrated using (1) email, (2) img, and (3) url tags.

Affected configurations

NVD

Node

webspellwebspellMatch4.2.0c

CPENameOperatorVersion
webspell:webspellwebspelleq4.2.0c

CPE	Name	Operator	Version
webspell:webspell	webspell	eq	4.2.0c

References

osvdb.org/53782

secunia.com/advisories/34764

www.securityfocus.com/archive/1/502732/100/0/threaded

www.securityfocus.com/bid/34595

www.webspell.org/index.php?site=files&file=25

www.webspell.org/index.php?site=news_comments&newsID=126&lang=uk

exchange.xforce.ibmcloud.com/vulnerabilities/49937

www.exploit-db.com/exploits/8453

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.5%

JSON

Related for CVE-2009-1408

nvd1 cvelist1 prion1