Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2335

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-2335
Last Modified 23 Mar 2015 09:59:02
Published 19 May 2008 09:20:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2335

Summary

Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 1.2.3 is also affected.

Vulnerable Systems

Application

  • Vastal Phpvid 1.2


References

XF - phpvid-query-xss(42450)

VUPEN - ADV-2008-2552

BID - 29238

MILW0RM - 6422

SECUNIA - 30152

MISC - http://holisticinfosec.org/content/view/65/45/

EXPLOIT-DB - 27519

MISC - http://packetstormsecurity.com/files/122746/PHP-VID-XSS-SQL-Injection-CRLF-Injection.html

OSVDB - 45171

MISC - http://tetraph.com/security/xss-vulnerability/vastal-i-tech-phpvid-1-2-3-multiple-xss-cross-site-scripting-security-vulnerabilities/

FULLDISC - 20150310 Vastal I-tech phpVID 1.2.3 Multiple XSS (Cross-site Scripting) Security Vulnerabilities

MISC - http://packetstormsecurity.com/files/130755/Vastal-I-tech-phpVID-1.2.3-Cross-Site-Scripting.html


Last Updated: 27 May 2016 11:08:09