Lucene search

[email protected]NVD:CVE-2008-2566

HistoryJun 06, 2008 - 6:32 p.m.

CVE-2008-2566

2008-06-0618:32:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.004

Percentile

72.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI.

Affected configurations

Nvd

Node

php-address_bookphp-address_bookRange≤3.1.5

VendorProductVersionCPE
php-address_bookphp-address_book*cpe:2.3:a:php-address_book:php-address_book:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
php-address_book	php-address_book	*	cpe:2.3:a:php-address_book:php-address_book::::::::

References

packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html

secunia.com/advisories/30540

exchange.xforce.ibmcloud.com/vulnerabilities/42856

exchange.xforce.ibmcloud.com/vulnerabilities/99624

www.exploit-db.com/exploits/5739

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.004

Percentile

72.6%

JSON

Related for NVD:CVE-2008-2566

cve2 prion2 cvelist2 nvd1 exploitdb2