Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2758

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2008-2758
Last Modified 25 Apr 2009 01:31:35
Published 18 Jun 2008 06:41:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-2758

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute News Manager XE 3.2 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) pblname and (2) text parameters to (a) admin/search.asp, (3) name parameter to (b) admin/publishers.asp, and other unspecified vectors to (c) anmviewer.asp and (d) editarticleX.asp in admin/. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Xigla Absolute News Manager Xe 3.2


References

XF - absolutenews-search-publishers-xss(43042)

BID - 29672

SREASON - 3950

SECUNIA - 30643

BUGTRAQ - 20080611 Xigla Multiple Products - Multiple Vulnerabilities

MISC - http://bugreport.ir/index.php?/41


Last Updated: 27 May 2016 10:47:58