CVE-2009-4608

{"id": "CVE-2009-4608", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-01-13T11:30:00.623", "references": [{"url": "http://canon-its.jp/guardian/topics/200910ag.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://jvn.jp/en/jp/JVN33822756/index.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000066.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/59058", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/37045", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/2973", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53822", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Canon IT Solutions Inc. ACCESSGUARDIAN 3.0.14 and earlier, and 3.5.6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to authentication."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Canon IT Solutions Inc. ACCESSGUARDIAN v3.0.14 y anteriores y v3.5.6 y anteriores, permite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a trav\u00e9s de vectores desconocidos relacionados con la autenticaci\u00f3n."}], "lastModified": "2018-11-15T18:13:18.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:canon-its:accessguardian:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CA66DE4-679A-4120-B7D1-6937799FA87E", "versionEndIncluding": "3.0.14", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:canon-its:accessguardian:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1BC40D5-CC39-49BA-B064-4B3410890D1B", "versionEndIncluding": "3.5.6", "versionStartIncluding": "3.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}