Lucene search

Ubuntu.comUB:CVE-2009-3581

HistoryDec 23, 2009 - 12:00 a.m.

CVE-2009-3581

2009-12-2300:00:00

ubuntu.com

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

EPSS

0.001

Percentile

42.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24
allow remote authenticated users to inject arbitrary web script or HTML via
(1) the DCN Description field in the Accounts Receivables menu item for Add
Transaction, (2) the Description field in the Accounts Payable menu item
for Add Transaction, or the name field in (3) the Customers menu item for
Add Customer or (4) the Vendor menu item for Add Vendor.

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchsql-ledger< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	16.04	noarch	sql-ledger	< any	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2009-3581

nvd.nist.gov/vuln/detail/CVE-2009-3581

security-tracker.debian.org/tracker/CVE-2009-3581

www.cve.org/CVERecord?id=CVE-2009-3581

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

EPSS

0.001

Percentile

42.2%

JSON

Related for UB:CVE-2009-3581