CVE-2008-2075

Cross-site scripting (XSS) vulnerability in pic.php in AstroCam 2.5.0 through 2.7.3 allows remote attackers to inject arbitrary web script or HTML via the picfile parameter.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://astrocam.svn.sourceforge.net/viewvc/astrocam/BUGS?view=markup
http://astrocam.svn.sourceforge.net/viewvc/astrocam/CHANGELOG?view=markup
http://astrocam.svn.sourceforge.net/viewvc/astrocam/v2.x/pic.php?r1=125&r2=126	Exploit Patch
http://secunia.com/advisories/30039	Vendor Advisory
http://securityreason.com/securityalert/3852
http://www.securityfocus.com/archive/1/491513/100/0/threaded
http://www.securityfocus.com/bid/28998	Patch
http://www.wendzel.de/?sub=showpost&blogid=5&postid=56
https://exchange.xforce.ibmcloud.com/vulnerabilities/42122
http://astrocam.svn.sourceforge.net/viewvc/astrocam/BUGS?view=markup
http://astrocam.svn.sourceforge.net/viewvc/astrocam/CHANGELOG?view=markup
http://astrocam.svn.sourceforge.net/viewvc/astrocam/v2.x/pic.php?r1=125&r2=126	Exploit Patch
http://secunia.com/advisories/30039	Vendor Advisory
http://securityreason.com/securityalert/3852
http://www.securityfocus.com/archive/1/491513/100/0/threaded
http://www.securityfocus.com/bid/28998	Patch
http://www.wendzel.de/?sub=showpost&blogid=5&postid=56
https://exchange.xforce.ibmcloud.com/vulnerabilities/42122

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:astrocam:astrocam:2.5.0:::::::*
	cpe:2.3:a:astrocam:astrocam:2.5.1:::::::*
	cpe:2.3:a:astrocam:astrocam:2.5.2:::::::*
	cpe:2.3:a:astrocam:astrocam:2.5.3:::::::*
	cpe:2.3:a:astrocam:astrocam:2.5.4:::::::*
	cpe:2.3:a:astrocam:astrocam:2.5.5:::::::*
	cpe:2.3:a:astrocam:astrocam:2.5.5:p1::::::
	cpe:2.3:a:astrocam:astrocam:2.5.6:::::::*
	cpe:2.3:a:astrocam:astrocam:2.5.6:p1::::::
	cpe:2.3:a:astrocam:astrocam:2.5.7:::::::*
	cpe:2.3:a:astrocam:astrocam:2.5.8:::::::*
	cpe:2.3:a:astrocam:astrocam:2.5.8:p1::::::
	cpe:2.3:a:astrocam:astrocam:2.5.8:p2::::::
	cpe:2.3:a:astrocam:astrocam:2.5.9:::::::*
	cpe:2.3:a:astrocam:astrocam:2.6.0:::::::*
	cpe:2.3:a:astrocam:astrocam:2.6.1:::::::*
	cpe:2.3:a:astrocam:astrocam:2.6.2:::::::*
	cpe:2.3:a:astrocam:astrocam:2.6.3:::::::*
	cpe:2.3:a:astrocam:astrocam:2.6.4:::::::*
	cpe:2.3:a:astrocam:astrocam:2.6.5:::::::*
	cpe:2.3:a:astrocam:astrocam:2.6.6:::::::*
	cpe:2.3:a:astrocam:astrocam:2.7.0:::::::*
	cpe:2.3:a:astrocam:astrocam:2.7.1:::::::*
	cpe:2.3:a:astrocam:astrocam:2.7.2:::::::*
	cpe:2.3:a:astrocam:astrocam:2.7.3:::::::*

History

21 Nov 2024, 00:46

Type	Values Removed	Values Added
References	~~() http://astrocam.svn.sourceforge.net/viewvc/astrocam/BUGS?view=markup -~~	() http://astrocam.svn.sourceforge.net/viewvc/astrocam/BUGS?view=markup -
References	~~() http://astrocam.svn.sourceforge.net/viewvc/astrocam/CHANGELOG?view=markup -~~	() http://astrocam.svn.sourceforge.net/viewvc/astrocam/CHANGELOG?view=markup -
References	~~() http://astrocam.svn.sourceforge.net/viewvc/astrocam/v2.x/pic.php?r1=125&r2=126 - Exploit, Patch~~	() http://astrocam.svn.sourceforge.net/viewvc/astrocam/v2.x/pic.php?r1=125&r2=126 - Exploit, Patch
References	~~() http://secunia.com/advisories/30039 - Vendor Advisory~~	() http://secunia.com/advisories/30039 - Vendor Advisory
References	~~() http://securityreason.com/securityalert/3852 -~~	() http://securityreason.com/securityalert/3852 -
References	~~() http://www.securityfocus.com/archive/1/491513/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/491513/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/28998 - Patch~~	() http://www.securityfocus.com/bid/28998 - Patch
References	~~() http://www.wendzel.de/?sub=showpost&blogid=5&postid=56 -~~	() http://www.wendzel.de/?sub=showpost&blogid=5&postid=56 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/42122 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/42122 -

Information

Published : 2008-05-05 16:20

Updated : 2024-11-21 00:46

NVD link : CVE-2008-2075

Mitre link : CVE-2008-2075

CVE.ORG link : CVE-2008-2075

JSON object : View

Products Affected

astrocam

astrocam

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2008-2075", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-05-05T16:20:00.000", "references": [{"url": "http://astrocam.svn.sourceforge.net/viewvc/astrocam/BUGS?view=markup", "source": "cve@mitre.org"}, {"url": "http://astrocam.svn.sourceforge.net/viewvc/astrocam/CHANGELOG?view=markup", "source": "cve@mitre.org"}, {"url": "http://astrocam.svn.sourceforge.net/viewvc/astrocam/v2.x/pic.php?r1=125&r2=126", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30039", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/3852", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/491513/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/28998", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.wendzel.de/?sub=showpost&blogid=5&postid=56", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42122", "source": "cve@mitre.org"}, {"url": "http://astrocam.svn.sourceforge.net/viewvc/astrocam/BUGS?view=markup", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://astrocam.svn.sourceforge.net/viewvc/astrocam/CHANGELOG?view=markup", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://astrocam.svn.sourceforge.net/viewvc/astrocam/v2.x/pic.php?r1=125&r2=126", "tags": ["Exploit", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/30039", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/3852", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/491513/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/28998", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.wendzel.de/?sub=showpost&blogid=5&postid=56", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42122", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in pic.php in AstroCam 2.5.0 through 2.7.3 allows remote attackers to inject arbitrary web script or HTML via the picfile parameter."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) de pic.php en AstroCam de 2.5.0 a 2.7.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante el par\u00e1metro picfile."}], "lastModified": "2024-11-21T00:46:01.507", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:astrocam:astrocam:2.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99A2AFD9-24AD-454E-87FA-83A27AD3BA0D"}, {"criteria": "cpe:2.3:a:astrocam:astrocam:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCCCF051-AFDB-40DA-B93C-C07F7CAD564D"}, {"criteria": "cpe:2.3:a:astrocam:astrocam:2.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80AA1DCC-99B7-4E82-9BF6-093EA98E60CD"}, {"criteria": "cpe:2.3:a:astrocam:astrocam:2.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EB62D68-2A7A-45EE-BAF2-CD3394F49A17"}, {"criteria": "cpe:2.3:a:astrocam:astrocam:2.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7224E832-287B-4378-A360-F90D87549426"}, {"criteria": "cpe:2.3:a:astrocam:astrocam:2.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08B0E5A9-D77F-43A3-BD11-8A14466F6D09"}, {"criteria": "cpe:2.3:a:astrocam:astrocam:2.5.5:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EAB72BB-787C-4B30-B7E6-CF9AD550CAD8"}, {"criteria": "cpe:2.3:a:astrocam:astrocam:2.5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43164F7D-31FF-48FB-B2F3-FA34F8C7A030"}, {"criteria": "cpe:2.3:a:astrocam:astrocam:2.5.6:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49C4A05D-9942-417D-A133-66A366F14AFC"}, {"criteria": "cpe:2.3:a:astrocam:astrocam:2.5.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "712F6277-3B1A-4133-92C9-1DDA455815E5"}, {"criteria": "cpe:2.3:a:astrocam:astrocam:2.5.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE50D24B-F7A8-48C9-B18D-119D5671FB8D"}, {"criteria": "cpe:2.3:a:astrocam:astrocam:2.5.8:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADBC9462-E244-4F7F-ACAE-A592C6C87D87"}, {"criteria": "cpe:2.3:a:astrocam:astrocam:2.5.8:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CA42049-7501-4D92-B97E-4E8C8FBD62E0"}, {"criteria": "cpe:2.3:a:astrocam:astrocam:2.5.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86D14520-5C29-48B6-96B0-33977A34A8B1"}, {"criteria": "cpe:2.3:a:astrocam:astrocam:2.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9802B372-246A-4D77-8DE7-252F4D454309"}, {"criteria": "cpe:2.3:a:astrocam:astrocam:2.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5EF667B-4C7F-4451-A96F-E642C77FC939"}, {"criteria": "cpe:2.3:a:astrocam:astrocam:2.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F1B00A4-D450-4B41-AF0A-E427EA2004DE"}, {"criteria": "cpe:2.3:a:astrocam:astrocam:2.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E578C5A-F420-430B-8B29-0946AD628AFC"}, {"criteria": "cpe:2.3:a:astrocam:astrocam:2.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07852EC5-6F5A-47E8-8EF2-E403CDC88C3A"}, {"criteria": "cpe:2.3:a:astrocam:astrocam:2.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9F52BA6-E167-4721-A069-CB8B200BD167"}, {"criteria": "cpe:2.3:a:astrocam:astrocam:2.6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B757B86-AAE8-4632-9FC2-4BCBDDA4536A"}, {"criteria": "cpe:2.3:a:astrocam:astrocam:2.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FB38BA9-8EA4-4C59-9E40-7398C7E96F3A"}, {"criteria": "cpe:2.3:a:astrocam:astrocam:2.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFE5C68C-1CD1-4991-8D61-A597EEB1E928"}, {"criteria": "cpe:2.3:a:astrocam:astrocam:2.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6210F08A-A2AB-4E9B-A6F5-CA49256510CA"}, {"criteria": "cpe:2.3:a:astrocam:astrocam:2.7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C14920D-A4A5-4B18-9304-41C7589D6614"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

4.3 /10