CVE-2009-1175

{"id": "CVE-2009-1175", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-03-31T14:09:53.890", "references": [{"url": "http://bugzilla.gnome.org/show_bug.cgi?id=577270", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2009/03/30/2", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in the DAAP extension in Banshee 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the server parameter, which is not properly handled in an error message."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en apps/web/vs_diag.cgi en la extensi\u00f3n DAAP en Banshee v1.4.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"server\", que no permite un manejo adecuado en un mensaje de error."}], "lastModified": "2009-04-02T05:45:53.610", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:banshee-project:banshee:1.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A13354B-324C-448B-A1DF-9DDB60D914CE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}