CVE-2008-0867

Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA AquaLogic Interaction 6.1 through MP1 and Plumtree Foundation 6.0 through SP1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://dev2dev.bea.com/pub/advisory/259
http://secunia.com/advisories/29040	Vendor Advisory
http://www.procheckup.com/Vulnerability_PR06-12.php
http://www.securityfocus.com/archive/1/488346/100/100/threaded
http://www.securitytracker.com/id?1019440
http://www.vupen.com/english/advisories/2008/0610
http://dev2dev.bea.com/pub/advisory/259
http://secunia.com/advisories/29040	Vendor Advisory
http://www.procheckup.com/Vulnerability_PR06-12.php
http://www.securityfocus.com/archive/1/488346/100/100/threaded
http://www.securitytracker.com/id?1019440
http://www.vupen.com/english/advisories/2008/0610

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bea_systems:aqualogic_interaction:6.1:::::::*
	cpe:2.3:a:bea_systems:aqualogic_interaction:6.1:mp1::::::
	cpe:2.3:a:bea_systems:plumtree_foundation:6.0:::::::*
	cpe:2.3:a:bea_systems:plumtree_foundation:6.0:sp1::::::

History

21 Nov 2024, 00:43

Type	Values Removed	Values Added
References	~~() http://dev2dev.bea.com/pub/advisory/259 -~~	() http://dev2dev.bea.com/pub/advisory/259 -
References	~~() http://secunia.com/advisories/29040 - Vendor Advisory~~	() http://secunia.com/advisories/29040 - Vendor Advisory
References	~~() http://www.procheckup.com/Vulnerability_PR06-12.php -~~	() http://www.procheckup.com/Vulnerability_PR06-12.php -
References	~~() http://www.securityfocus.com/archive/1/488346/100/100/threaded -~~	() http://www.securityfocus.com/archive/1/488346/100/100/threaded -
References	~~() http://www.securitytracker.com/id?1019440 -~~	() http://www.securitytracker.com/id?1019440 -
References	~~() http://www.vupen.com/english/advisories/2008/0610 -~~	() http://www.vupen.com/english/advisories/2008/0610 -

Information

Published : 2008-02-21 01:44

Updated : 2024-11-21 00:43

NVD link : CVE-2008-0867

Mitre link : CVE-2008-0867

CVE.ORG link : CVE-2008-0867

JSON object : View

Products Affected

bea_systems

plumtree_foundation
aqualogic_interaction

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2008-0867", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-02-21T01:44:00.000", "references": [{"url": "http://dev2dev.bea.com/pub/advisory/259", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29040", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.procheckup.com/Vulnerability_PR06-12.php", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/488346/100/100/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1019440", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/0610", "source": "cve@mitre.org"}, {"url": "http://dev2dev.bea.com/pub/advisory/259", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/29040", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.procheckup.com/Vulnerability_PR06-12.php", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/488346/100/100/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1019440", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/0610", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA AquaLogic Interaction 6.1 through MP1 and Plumtree Foundation 6.0 through SP1 allows remote attackers to inject arbitrary web script or HTML via the name parameter."}, {"lang": "es", "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo portal/server.pt en BEA AquaLogic Interaction versi\u00f3n 6.1 hasta MP1 y Plumtree Foundation versi\u00f3n 6.0 hasta SP1, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del par\u00e1metro name."}], "lastModified": "2024-11-21T00:43:06.543", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bea_systems:aqualogic_interaction:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B192BE8-A0E9-4B58-9A67-C4718F417648"}, {"criteria": "cpe:2.3:a:bea_systems:aqualogic_interaction:6.1:mp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D9474FD-20A1-4AB2-A426-54BB9ECF8C29"}, {"criteria": "cpe:2.3:a:bea_systems:plumtree_foundation:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A87594C6-5FCD-430F-A21F-06332FF24EC5"}, {"criteria": "cpe:2.3:a:bea_systems:plumtree_foundation:6.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E91F5AD2-0177-44FD-88D1-6831AC33E7C6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

4.3 /10