CVE-2008-3849

Sažetak

Cross-site scripting (XSS) vulnerability in the calendar controller in Civic Website Manager before 1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving (1) month, (2) day, and (3) year fields.

Reference

http://secunia.com/advisories/31609
http://secunia.com/advisories/31641
http://sourceforge.net/project/shownotes.php?group_id=234663&release_id=621954
http://www.securityfocus.com/bid/30833
https://exchange.xforce.ibmcloud.com/vulnerabilities/44673

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

08-08-2017 - 01:32

Objavljeno

27-08-2008 - 23:41