CVE-2008-2698

{"id": "CVE-2008-2698", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-06-13T19:41:00.000", "references": [{"url": "http://securityreason.com/securityalert/3940", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/493143/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/29580", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42893", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in photo_add-c.php (aka the \"add comment\" section) in WEBalbum 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) id, or (3) category parameter."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en photo_add-c.php en WEBalbum 2.0 y anteriores, permite a atacantes remotos inyectar web script o HTML de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) comment, (2) id o (3) category."}], "lastModified": "2018-10-11T20:42:25.693", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:web-album:webalbum:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22CCD06B-0C63-41DA-8B60-5543BB1965D5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}