Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3849

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-3849
Last Modified 10 Sep 2008 09:13:31
Published 27 Aug 2008 07:41:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3849

Summary

Cross-site scripting (XSS) vulnerability in the calendar controller in Civic Website Manager before 1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving (1) month, (2) day, and (3) year fields.

Vulnerable Systems

Application

  • Civic-cms 1.0


References

BID - 30833

SECUNIA - 31609

XF - civic-website-calendar-xss(44673)

CONFIRM - http://sourceforge.net/project/shownotes.php?group_id=234663&release_id=621954

SECUNIA - 31641


Last Updated: 27 May 2016 10:48:19