Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1048

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-1048
Last Modified 10 Nov 2011 12:00:00
Published 27 Feb 2008 02:44:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1048

Summary

Cross-site scripting (XSS) vulnerability in manager/xmedia.php in Plume CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.

Vulnerable Systems

Application

  • Plume-cms Plume Cms 1.2.2


References

XF - plume-xmedia-xss(40841)

SECTRACK - 1019507

BID - 27999

MISC - http://www.digitrustgroup.com/advisories/web-application-security-plume-cms.html

SECUNIA - 29116


Last Updated: 27 May 2016 10:47:01