Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2008-2011
Last Modified 05 Sep 2008 12:00:00
Published 29 Apr 2008 08:10:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2011

Summary

Cross-site scripting (XSS) vulnerability in the National Rail Enquiries Live Departure Boards gadget before 1.1 allows remote National Rail Enquiries servers or man-in-the-middle attackers to inject arbitrary web script or HTML, and execute arbitrary code, via a response body, as demonstrated by a SCRIPT element that references a vbscript: URI.

Vulnerable Systems

Application

  • National Rail Enquiries Live Departure Boards 1.1


References

MISC - http://www.mwrinfosecurity.com/publications/mwri_national-rail-enquiries-gadget-advisory_2008-04-24.pdf

XF - nationalrail-gadget-code-execution(42043)

BID - 28933

MISC - http://www.mwrinfosecurity.com/news/1690.html


Last Updated: 27 May 2016 10:47:44