CVE-2008-4450

{"id": "CVE-2008-4450", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-10-06T23:25:50.490", "references": [{"url": "http://secunia.com/advisories/32134", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/31472", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45522", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/32134", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/31472", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45522", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in adodb.php in XAMPP for Windows 1.6.8 allows remote attackers to inject arbitrary web script or HTML via the (1) dbserver, (2) host, (3) user, (4) password, (5) database, and (6) table parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."}, {"lang": "es", "value": "Una vulnerabilidad de secuencias de com\u00e1ndos en sitios cruzados (XSS) en adodb.php en XAMPP para Windows 1.6.8 permite a atacantes remotos inyectar secuencias de com\u00e1ndos web o HTML arbitrarios a trav\u00e9s de los par\u00e1metros (1) dbserver, (2) host, (3) user, (4) password(5), database, y (6) table. NOTA: La procedencia de esta informaci\u00f3n es desconocida; los detalles se obtienen exclusivamente a partir de informaci\u00f3n de terceros."}], "lastModified": "2024-11-21T00:51:42.403", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache_friends:xampp:1.6.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "303A5179-E5AE-4CF3-8190-866DB2040C21"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}