Lucene search

[email protected]NVD:CVE-2009-1175

HistoryMar 31, 2009 - 2:09 p.m.

CVE-2009-1175

2009-03-3114:09:53

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

48.5%

JSON

Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in the DAAP extension in Banshee 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the server parameter, which is not properly handled in an error message.

Affected configurations

Nvd

Node

banshee-projectbansheeMatch1.4.2

VendorProductVersionCPE
banshee-projectbanshee1.4.2cpe:2.3:a:banshee-project:banshee:1.4.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
banshee-project	banshee	1.4.2	cpe:2.3:a:banshee-project:banshee:1.4.2:::::::*

References

bugzilla.gnome.org/show_bug.cgi?id=577270

www.openwall.com/lists/oss-security/2009/03/30/2

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

48.5%

JSON

Related for NVD:CVE-2009-1175

prion1 cvelist1 ubuntucve1 debiancve1 redhatcve1 cve1