Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3596

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-3596
Last Modified 07 Oct 2008 02:34:45
Published 12 Aug 2008 01:41:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3596

Summary

Cross-site scripting (XSS) vulnerability in Harmoni before 1.4.7 allows remote attackers to inject arbitrary web script or HTML via the Username field, which is inserted into logs that could be rendered when viewed by an administrator.

Vulnerable Systems

Application

  • Harmoni 0.0.2

  • Harmoni 0.0.3

  • Harmoni 0.0.4

  • Harmoni 0.0.5

  • Harmoni 0.1.0

  • Harmoni 0.10.1

  • Harmoni 0.11.0

  • Harmoni 0.12.0

  • Harmoni 0.12.1

  • Harmoni 0.12.3

  • Harmoni 0.13.0

  • Harmoni 0.13.1

  • Harmoni 0.13.2

  • Harmoni 0.13.3

  • Harmoni 0.13.4

  • Harmoni 0.13.5

  • Harmoni 0.13.6

  • Harmoni 0.13.7

  • Harmoni 0.2.0

  • Harmoni 0.3.0

  • Harmoni 0.3.1

  • Harmoni 0.3.2

  • Harmoni 0.5.1

  • Harmoni 0.6.0

  • Harmoni 0.6.2

  • Harmoni 0.7.0

  • Harmoni 0.7.1

  • Harmoni 0.7.2

  • Harmoni 0.7.6

  • Harmoni 0.7.7

  • Harmoni 0.9.0

  • Harmoni 1.0.0

  • Harmoni 1.0.1

  • Harmoni 1.0.2

  • Harmoni 1.0.3

  • Harmoni 1.0.5

  • Harmoni 1.0.6

  • Harmoni 1.1.0

  • Harmoni 1.3.0

  • Harmoni 1.3.2

  • Harmoni 1.3.4

  • Harmoni 1.3.5

  • Harmoni 1.4.2

  • Harmoni 1.4.6


References

XF - harmoni-username-xss(44394)

BID - 30637

CONFIRM - http://sourceforge.net/tracker/index.php?func=detail&aid=2040255&group_id=82171&atid=1098812

SECUNIA - 31406


Last Updated: 27 May 2016 10:48:14