CVE-2009-4416

{"id": "CVE-2009-4416", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-12-24T16:30:00.483", "references": [{"url": "http://kambing.ui.ac.id/gentoo-portage/www-apps/phpgroupware/files/phpgroupware-SA35519.patch", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/35519", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/login.php?r1=19063&r2=19117&pathrev=19117&sortby=date&root=phpgroupware", "source": "cve@mitre.org"}, {"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045&r2=19117&pathrev=19117&sortby=date&root=phpgroupware", "source": "cve@mitre.org"}, {"url": "http://svn.savannah.gnu.org/viewvc?view=rev&root=phpgroupware&sortby=date&revision=19117", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2009/12/20/1", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/56179", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/35761", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51923", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter whose name begins with the \"phpgw_\" sequence."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en login.php en phpGroupWare v0.9.16.12, y probablemente otras versiones anteriores a v0.9.16.014, permite a atacantes remotos inyectar c\u00f3digo web y HTML de su elecci\u00f3n a trav\u00e9s de un par\u00e1metro elegido cuyo nombre empieza con la secuencia \"phpgw_\"."}], "lastModified": "2017-08-17T01:31:34.647", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C58F242-81C3-4739-B28D-2D2FD8F0DEE1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}