CVE-2008-7018

{"id": "CVE-2008-7018", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-08-21T14:30:00.390", "references": [{"url": "http://www.securityfocus.com/archive/1/496796", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/31478", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45517", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar 6.3.25 allows remote attackers to inject arbitrary web script or HTML via the Details field (descr parameter) in an Add New Event action in an unspecified request as generated by an add action in index.php."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en NashTech Easy PHP Calendar 6.3.25 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante el campo Details (par\u00e1metro descr) en una acci\u00f3n Add New Event en una petici\u00f3n no especificada, tal y como es generada por una acci\u00f3n add en index.php."}], "lastModified": "2017-08-17T01:29:44.880", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nashtech:easy_php_calendar:6.3.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7470B1DC-31D6-4639-9F15-062FB2F52381"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}