CVE-2008-7134

Multiple cross-site scripting (XSS) vulnerabilities in the default URI in Chris LaPointe RedGalaxy Download Center 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter, (2) message parameter in a login action, (3) category parameter in a browse action, (4) now parameter, or (5) search parameter in a search_results action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://download.redgalaxy.net/?nav=home	Patch
http://www.securityfocus.com/bid/28219	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/41198

Configurations

Configuration 1 (hide)

cpe:2.3:a:redgalaxy:download_center:1.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-09-01 16:30

Updated : 2024-02-04 17:33

NVD link : CVE-2008-7134

Mitre link : CVE-2008-7134

CVE.ORG link : CVE-2008-7134

JSON object : View

Products Affected

redgalaxy

download_center

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2008-7134", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-09-01T16:30:00.280", "references": [{"url": "http://download.redgalaxy.net/?nav=home", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/28219", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41198", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the default URI in Chris LaPointe RedGalaxy Download Center 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter, (2) message parameter in a login action, (3) category parameter in a browse action, (4) now parameter, or (5) search parameter in a search_results action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la URI por defecto en Chris LaPointe RedGalaxy Download Center v1.2 permite a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s del (1) par\u00e1metro file,(2)par\u00e1metro message en una acci\u00f3n de login, (3) par\u00e1metro category en una acci\u00f3n browse, (4) par\u00e1metro now, o (5) par\u00e1metro search in una acci\u00f3n search_results. NOTA: la procedencia de esta informaci\u00f3n es desconocida; los detalles se han obtenido exclusivamente de informaci\u00f3n de Terceros. \t"}], "lastModified": "2017-08-17T01:29:50.757", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redgalaxy:download_center:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28DEFD25-2F46-4C51-BE6E-61DF4F9CE195"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}