Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4520

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-4520
Last Modified 10 Oct 2008 12:00:00
Published 09 Oct 2008 02:14:15
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4520

Summary

Cross-site scripting (XSS) vulnerability in bulk_update.pl in AutoNessus before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the remark parameter.

Vulnerable Systems

Application

  • Autonessus 1.0

  • Autonessus 1.1

  • Autonessus 1.1.1

  • Autonessus 1.2

  • Autonessus 1.2.1


References

BID - 31559

CONFIRM - http://sourceforge.net/project/shownotes.php?group_id=216367&release_id=630124

XF - autonessus-bulkupdate-xss(45634)

MISC - http://sourceforge.net/tracker/index.php?func=detail&aid=2141884&group_id=216367&atid=1037394

SECUNIA - 32046

MISC - http://autonessus.cvs.sourceforge.net/viewvc/autonessus/AutoNessus/www/bulk_update.pl?r1=1.2&r2=1.3


Last Updated: 27 May 2016 10:48:32