Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5043

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2008-5043
Last Modified 30 Oct 2012 11:06:37
Published 12 Nov 2008 06:30:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-5043

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the web-based interface in IBM Metrica Service Assurance Framework allow remote authenticated users to inject arbitrary web script or HTML via (1) the elementid parameter in a generatedreportresults action to the ReportTree program, (2) the jnlpname parameter to the Launch program, or (3) the :tasklabel parameter to the ReportRequest program, related to the name of a report.

Vulnerable Systems

Application

  • Ibm Metrica Service Assurance Framework


References

XF - metricaservice-reporttree-launch-xss(46495)

VUPEN - ADV-2008-3145

BID - 32233

BUGTRAQ - 20081108 Metrica Service Assurance Multiple Cross Site Scripting

SREASON - 4578

SECUNIA - 32683


Last Updated: 27 May 2016 10:49:46