CVE-2008-5720

Sažetak

Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the default error page for the org.seasar.mayaa.impl.engine.PageNotFoundException exception and possibly other exceptions.

Reference

http://jvn.jp/en/jp/JVN17298485/index.html
http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000085.html
http://mayaa.seasar.org/news/vulnerability20081225.html
http://osvdb.org/51007
http://secunia.com/advisories/33333
http://www.securityfocus.com/bid/33015
https://exchange.xforce.ibmcloud.com/vulnerabilities/47623

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

08-08-2017 - 01:33

Objavljeno

26-12-2008 - 17:30