CVE-2008-5399

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-5399
Cross-site scripting (XSS) vulnerability in the listonlineusers (aka "Who's online") component in mvnForum before 1.2.1 GA allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://osvdb.org/50403
http://secunia.com/advisories/32931 Vendor Advisory
http://security.bkis.vn/?p=286
http://securityreason.com/securityalert/4699
http://www.mvnforum.com/mvnforum/viewthread_thread%2C4361 URL Repurposed
http://www.securityfocus.com/archive/1/498872/100/0/threaded
http://www.securityfocus.com/bid/32605
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mvnforum:mvnforum:*:ga:*:*:*:*:*:*
cpe:2.3:a:mvnforum:mvnforum:1.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:mvnforum:mvnforum:1.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:mvnforum:mvnforum:1.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:mvnforum:mvnforum:1.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:mvnforum:mvnforum:1.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:mvnforum:mvnforum:1.0.0:rc3_01:*:*:*:*:*:*
cpe:2.3:a:mvnforum:mvnforum:1.0.0:rc4:*:*:*:*:*:*
cpe:2.3:a:mvnforum:mvnforum:1.0.2.:ga:*:*:*:*:*:*
cpe:2.3:a:mvnforum:mvnforum:1.1:ga:*:*:*:*:*:*
History

14 Feb 2024, 01:17

Type Values Removed Values Added
References () http://www.mvnforum.com/mvnforum/viewthread_thread%2C4361 - () http://www.mvnforum.com/mvnforum/viewthread_thread%2C4361 - URL Repurposed
Information

Published : 2008-12-10 06:44

Updated : 2024-02-14 01:17

NVD link : CVE-2008-5399

Mitre link : CVE-2008-5399

CVE.ORG link : CVE-2008-5399

JSON object : View

Products Affected

mvnforum

  • mvnforum
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')