Svi
Pretraži prema proizvođaču
Pretraži prema CWE oznaci
O usluzi
Pretplate
Jezik
hr
en
CVE-2008-1974 - CERT CVE
CVE-2008-1974
ID
CVE-2008-1974
Sažetak
Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
Reference
http://forum.aria-security.com/showthread.php?t=49
http://lists.horde.org/archives/kronolith/Week-of-Mon-20080421/006807.html
http://osvdb.org/51238
http://secunia.com/advisories/29920
http://secunia.com/advisories/30649
http://securityreason.com/securityalert/3831
http://www.securityfocus.com/archive/1/491230/100/0/threaded
http://www.securityfocus.com/bid/28898
http://www.securitytracker.com/id?1019934
http://www.vupen.com/english/advisories/2008/1373/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41974
https://www.debian.org/security/2008/dsa-1560
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00427.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00444.html
CVSS
Base:
4.3
Impact:
2.9
Exploitability:
8.6
Pristup
Vektor
Složenost
Autentikacija
NETWORK
MEDIUM
NONE
Impact
Povjerljivost
Cjelovitost
Dostupnost
NONE
PARTIAL
NONE
CVSS vektor
AV:N/AC:M/Au:N/C:N/I:P/A:N
Zadnje važnije ažuriranje
11-10-2018 - 20:38
Objavljeno
27-04-2008 - 19:05
