CVE-2009-3060

{"id": "CVE-2009-3060", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-09-03T17:30:17.860", "references": [{"url": "http://packetstormsecurity.org/0908-exploits/jboard-sql.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/2473", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.org/0908-exploits/jboard-sql.txt", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2009/2473", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the notice parameter to editform.php, (2) the edit_user_message parameter to core/edit_user_message.php, or (3) the user_title parameter to inc/head.inc.php, reachable through any PHP script."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Joker Board (tambi\u00e9n conocido como JBoard) v2.0 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) \"notice\" aeditform.php, (2) \"edit_user_message\" a core/edit_user_message.php, o (3) \"user_title parameter\" a inc/head.inc.php, posible mediante cualquier secuencia de comandos PHP."}], "lastModified": "2024-11-21T01:06:26.360", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:allpublication:jboard:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18825BF9-B4C6-4BFF-8778-F800469E38D5", "versionEndIncluding": "2.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}