Lucene search

[email protected]NVD:CVE-2009-4473

HistoryDec 30, 2009 - 9:30 p.m.

CVE-2009-4473

2009-12-3021:30:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

62.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in WorkArea/ContentDesigner/ekformsiframe.aspx in Ektron CMS400.NET 7.6.1.53 and 7.6.6.47, and possibly 7.52 through 7.66sp2, allow remote attackers to inject arbitrary web script or HTML via the (1) css, (2) eca, (3) id, and (4) skin parameters. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

ektroncms4000.netMatch7.6.0

ektroncms4000.netMatch7.6.0sp1

ektroncms4000.netMatch7.6.0sp2

ektroncms4000.netMatch7.6.1

ektroncms4000.netMatch7.6.1sp1

ektroncms4000.netMatch7.6.1sp2

ektroncms4000.netMatch7.6.1sp3

ektroncms4000.netMatch7.6.1sp4

ektroncms4000.netMatch7.6.1.53

ektroncms4000.netMatch7.6.5

ektroncms4000.netMatch7.6.5sp1

ektroncms4000.netMatch7.6.5sp2

ektroncms4000.netMatch7.6.5sp3

ektroncms4000.netMatch7.6.6

ektroncms4000.netMatch7.6.6sp1

ektroncms4000.netMatch7.6.6sp2

ektroncms4000.netMatch7.6.6.47

ektroncms4000.netMatch7.52

ektroncms4000.netMatch7.53

ektroncms4000.netMatch7.53sp2

ektroncms4000.netMatch7.54

ektroncms4000.netMatch7.54sp2

VendorProductVersionCPE
ektroncms4000.net7.6.0cpe:2.3:a:ektron:cms4000.net:7.6.0:*:*:*:*:*:*:*
ektroncms4000.net7.6.0cpe:2.3:a:ektron:cms4000.net:7.6.0:sp1:*:*:*:*:*:*
ektroncms4000.net7.6.0cpe:2.3:a:ektron:cms4000.net:7.6.0:sp2:*:*:*:*:*:*
ektroncms4000.net7.6.1cpe:2.3:a:ektron:cms4000.net:7.6.1:*:*:*:*:*:*:*
ektroncms4000.net7.6.1cpe:2.3:a:ektron:cms4000.net:7.6.1:sp1:*:*:*:*:*:*
ektroncms4000.net7.6.1cpe:2.3:a:ektron:cms4000.net:7.6.1:sp2:*:*:*:*:*:*
ektroncms4000.net7.6.1cpe:2.3:a:ektron:cms4000.net:7.6.1:sp3:*:*:*:*:*:*
ektroncms4000.net7.6.1cpe:2.3:a:ektron:cms4000.net:7.6.1:sp4:*:*:*:*:*:*
ektroncms4000.net7.6.1.53cpe:2.3:a:ektron:cms4000.net:7.6.1.53:*:*:*:*:*:*:*
ektroncms4000.net7.6.5cpe:2.3:a:ektron:cms4000.net:7.6.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ektron	cms4000.net	7.6.0	cpe:2.3:a:ektron:cms4000.net:7.6.0:::::::*
ektron	cms4000.net	7.6.0	cpe:2.3:a:ektron:cms4000.net:7.6.0:sp1::::::
ektron	cms4000.net	7.6.0	cpe:2.3:a:ektron:cms4000.net:7.6.0:sp2::::::
ektron	cms4000.net	7.6.1	cpe:2.3:a:ektron:cms4000.net:7.6.1:::::::*
ektron	cms4000.net	7.6.1	cpe:2.3:a:ektron:cms4000.net:7.6.1:sp1::::::
ektron	cms4000.net	7.6.1	cpe:2.3:a:ektron:cms4000.net:7.6.1:sp2::::::
ektron	cms4000.net	7.6.1	cpe:2.3:a:ektron:cms4000.net:7.6.1:sp3::::::
ektron	cms4000.net	7.6.1	cpe:2.3:a:ektron:cms4000.net:7.6.1:sp4::::::
ektron	cms4000.net	7.6.1.53	cpe:2.3:a:ektron:cms4000.net:7.6.1.53:::::::*
ektron	cms4000.net	7.6.5	cpe:2.3:a:ektron:cms4000.net:7.6.5:::::::*

Rows per page:

1-10 of 221

References

dev.ektron.com/forum.aspx?g=posts&t=28048

dev.ektron.com/notices.aspx?id=19074

osvdb.org/57667

secunia.com/advisories/36591

www.securityfocus.com/bid/36279

exchange.xforce.ibmcloud.com/vulnerabilities/53043

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

62.1%

JSON

Related for NVD:CVE-2009-4473

cvelist1 prion1 nessus1 cve1