CVE-2008-7017

{"id": "CVE-2008-7017", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-08-21T14:30:00.377", "references": [{"url": "http://www.cynops.de/advisories/AKLINK-SA-2008-007.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/31481", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45515", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 20080921, and possibly other versions before 20080928, allows remote attackers to inject arbitrary web script or HTML via the CN (CommonName) field in the subject of an X.509 certificate."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en analyse.php en CAcert 20080921, y posiblemente otras versiones anteriores a la 20080928, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante el campo CN (CommonName) del asunto de un certificado X.509."}], "lastModified": "2017-08-17T01:29:44.817", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cacert:cacert:20080921:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27BE97DB-D007-4372-95F8-0EB488FA13AB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}