Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2967

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-2967
Last Modified 29 Jan 2009 01:51:51
Published 02 Jul 2008 01:14:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2967

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to login.php and the (2) glb_sid parameter to hta/htmlarea.js.php, and allow remote authenticated users to inject arbitrary web script or HTML via an unspecified field in room.php.

Vulnerable Systems

Application

  • Yektaweb Academic Web Tools 1.4.2.8


References

XF - academicwebtools-multiple-xss(43178)

BID - 29813

BUGTRAQ - 20080619 Academic Web Tools CMS <= 1.4.2.8 Multiple Vulnerabilities

MISC - http://www.bugreport.ir/?/44

SREASON - 3959

SECUNIA - 30763


Last Updated: 27 May 2016 10:48:02