CVE-2008-6589

Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/29833	Vendor Advisory
http://www.osvdb.org/44676	Exploit
http://www.osvdb.org/44677	Exploit
http://www.securityfocus.com/archive/1/491064/100/0/threaded
http://www.securityfocus.com/bid/28839
https://exchange.xforce.ibmcloud.com/vulnerabilities/41888

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:lightneasy:lightneasy:1.2.2::no_database:::::
	cpe:2.3:a:sqlite:sqlite:1.2.2:::::::*

History

No history.

Information

Published : 2009-04-03 18:30

Updated : 2024-02-04 17:33

NVD link : CVE-2008-6589

Mitre link : CVE-2008-6589

CVE.ORG link : CVE-2008-6589

JSON object : View

Products Affected

lightneasy

lightneasy

sqlite

sqlite

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2008-6589", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-04-03T18:30:00.313", "references": [{"url": "http://secunia.com/advisories/29833", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/44676", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/44677", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/491064/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/28839", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41888", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy \"no database\" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en LightNEasy \"no database\" (tambi\u00e9n conocido como flat) v1.2.2, y posiblemente SQLite v1.2.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de modo arbitrario a trav\u00e9s del par\u00e1metro \"page\" en (1) index.php y (2) LightNEasy.php."}], "lastModified": "2018-10-11T20:57:28.797", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lightneasy:lightneasy:1.2.2:*:no_database:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F76F72FB-D3CE-4229-93B1-FE0A021972B0"}, {"criteria": "cpe:2.3:a:sqlite:sqlite:1.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65EA4824-622E-4A2E-969F-05AF2C5B1F8C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}