CVE-2008-3739

{"id": "CVE-2008-3739", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-08-27T20:41:00.000", "references": [{"url": "http://jvn.jp/en/jp/JVN27417220/index.html", "source": "cve@mitre.org"}, {"url": "http://jvn.jp/en/jp/JVN52557009/index.html", "source": "cve@mitre.org"}, {"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000048.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31574", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31582", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://wiz.syscon.co.jp/Details.htm", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/30791", "source": "cve@mitre.org"}, {"url": "http://www.spacetag.jp/modules/products/index.php?id=54", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44593", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving upload of files containing XSS sequences."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en (1) System Consultants La!Cooda WIZ 1.4.0 y anteriores y (2) SpaceTag LacoodaST 2.1.3 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n meediante vectores no especificados, posiblemente subiendo archivos que contienen secuencias XSS."}], "lastModified": "2017-08-08T01:32:07.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:spacetag:lacoodast:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FC83794-AF5E-4132-9D39-DDFCC4676AAC", "versionEndIncluding": "2.1.3"}, {"criteria": "cpe:2.3:a:system_consultants:la_cooda_wiz:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D37B18AD-ED65-4D9B-92D1-80C0D74E98CB", "versionEndIncluding": "1.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}