Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0980

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-0980
Last Modified 05 Sep 2008 05:36:29
Published 25 Feb 2008 06:44:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0980

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Spyce - Python Server Pages (PSP) 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the url or type parameter to docs/examples/redirect.spy; (2) the x parameter to docs/examples/handlervalidate.spy; (3) the name parameter to spyce/examples/request.spy; (4) the Name parameter to spyce/examples/getpost.spy; (5) the mytextarea parameter, the mypass parameter, or an empty parameter to spyce/examples/formtag.spy; (6) the newline parameter to the default URI under demos/chat/; (7) the text1 parameter to docs/examples/formintro.spy; or (8) the mytext or mydate parameter to docs/examples/formtag.spy.

Vulnerable Systems

Application

  • Spyce 2.1.3


References

BID - 27898

BUGTRAQ - 20080219 PR08-01: Several XSS, a cross-domain redirect and a webroot disclosure on Spyce - Python Server Pages (PSP)

MISC - http://www.procheckup.com/Vulnerability_PR08-01.php

SREASON - 3699


Last Updated: 27 May 2016 10:46:58