Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4637

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-4637
Last Modified 22 Jul 2009 12:00:00
Published 21 Oct 2008 02:00:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4637

Summary

Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the advanced search feature. NOTE: this is probably a variant of CVE-2008-4121.

Vulnerable Systems

Application

  • Cpcommerce 0.5f

  • Cpcommerce 1.0.5

  • Cpcommerce 1.0.5.1

  • Cpcommerce 1.0.6

  • Cpcommerce 1.0.7

  • Cpcommerce 1.0.7.1

  • Cpcommerce 1.0.7.2

  • Cpcommerce 1.0.7.3

  • Cpcommerce 1.0.7.4

  • Cpcommerce 1.0.8

  • Cpcommerce 1.0.9

  • Cpcommerce 1.0.9a

  • Cpcommerce 1.1.0

  • Cpcommerce 1.2.0

  • Cpcommerce 1.2.1

  • Cpcommerce 1.2.2

  • Cpcommerce 1.2.3


References

XF - cpcommerce-advancedsearch-xss(46090)

CONFIRM - http://cpcommerce.cpradio.org/


Last Updated: 27 May 2016 10:48:34