CVE-2008-2082

{"id": "CVE-2008-2082", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-05-05T17:20:00.000", "references": [{"url": "http://ircrash.com/english/index.php?topic=29.0", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/28943", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42020", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/5499", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.php en Siteman 2.0.x2 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante el par\u00e1metro module, que filtra la ruta en un mensaje de error."}], "lastModified": "2017-09-29T01:31:00.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siteman:siteman:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBEF2544-1283-4633-A854-632244BE487D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}