CVE-2008-1037

Cross-site scripting (XSS) vulnerability in the file listing function in the web management interface in Packeteer PacketShaper and PolicyCenter 8.2.2 allows remote attackers to inject arbitrary web script or HTML via the FILELIST parameter to an arbitrary component, which triggers injection into an Error Report page.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/29119
http://securityreason.com/securityalert/3701
http://www.securityfocus.com/archive/1/488712/100/0/threaded
http://www.securityfocus.com/bid/27982	Exploit
http://www.securitytracker.com/id?1019501

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:packeteer:packetshaper:8.2.2:::::::*
	cpe:2.3:a:packeteer:policycenter:8.2.2:::::::*

History

No history.

Information

Published : 2008-02-27 19:44

Updated : 2024-02-04 17:13

NVD link : CVE-2008-1037

Mitre link : CVE-2008-1037

CVE.ORG link : CVE-2008-1037

JSON object : View

Products Affected

packeteer

policycenter
packetshaper

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2008-1037", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-02-27T19:44:00.000", "references": [{"url": "http://secunia.com/advisories/29119", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/3701", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/488712/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/27982", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1019501", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the file listing function in the web management interface in Packeteer PacketShaper and PolicyCenter 8.2.2 allows remote attackers to inject arbitrary web script or HTML via the FILELIST parameter to an arbitrary component, which triggers injection into an Error Report page."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la funci\u00f3n file listing en la interfaz del gestor web en Packeteer PacketShaper y PolicyCenter 8.2.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro FILELIST en un componente de su elecci\u00f3n, el cual dispara una inyecci\u00f3n dentro de una p\u00e1gina de Error Report."}], "lastModified": "2018-10-11T20:29:09.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:packeteer:packetshaper:8.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11E3252C-7FA7-4B7B-BAC2-3B150F04393A"}, {"criteria": "cpe:2.3:a:packeteer:policycenter:8.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6FF2BE2-6733-4073-AC75-5003878EC74E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}