CVE-2008-1548

Multiple cross-site scripting (XSS) vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 in Eagle Software Aries Student Information System allow remote attackers to inject arbitrary web script or HTML via the (1) UserName parameter to loginproc.asp and the (2) usr parameter to Login.asp.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/29533	Vendor Advisory
http://securityreason.com/securityalert/3787
http://www.securityfocus.com/archive/1/490033/100/0/threaded
http://www.securityfocus.com/bid/28436
https://exchange.xforce.ibmcloud.com/vulnerabilities/41430

Configurations

Configuration 1 (hide)

cpe:2.3:a:aeries:aeries_student_information_system:3.8.3.14:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-03-31 17:44

Updated : 2024-02-04 17:33

NVD link : CVE-2008-1548

Mitre link : CVE-2008-1548

CVE.ORG link : CVE-2008-1548

JSON object : View

Products Affected

aeries

aeries_student_information_system

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2008-1548", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-03-31T17:44:00.000", "references": [{"url": "http://secunia.com/advisories/29533", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/3787", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/490033/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/28436", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41430", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 in Eagle Software Aries Student Information System allow remote attackers to inject arbitrary web script or HTML via the (1) UserName parameter to loginproc.asp and the (2) usr parameter to Login.asp."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Aeries Browser Interface (ABI) 3.8.3.14 de Eagle Software Aries Student Information System permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros 1) UserName a loginproc.asp y (2) usr a Login.asp."}], "lastModified": "2018-10-11T20:35:26.850", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aeries:aeries_student_information_system:3.8.3.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1B07F91-4566-4553-8BCC-69DCC66BCC34"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}