Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7231

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2008-7231
Last Modified 15 Sep 2009 12:00:00
Published 14 Sep 2009 10:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-7231

Summary

Cross-site scripting (XSS) vulnerability in Meridio Document and Records Management before 4.3 SR1 allows remote authenticated users to inject arbitrary web script or HTML via the Title field in a (1) document (subGeneralProps:dmpvDocTitle:PROP_W_title) or (2) container (subGeneralProps:dmpvContainerTitle:PROP_W_title).

Vulnerable Systems

Application

  • Meridio Document And Records Management 4.2

  • Meridio Document And Records Management 4.3


References

XF - documentsandrecordsmanagement-title-xss(40422)

BID - 27721

MISC - http://labs.mwrinfosecurity.com/files/Advisories/mwri_meridio-advisory-embedded-xss_2008-01-15.pdf

MISC - http://labs.mwrinfosecurity.com/advisories/meridio_cross_site_scripting_vulnerability/


Last Updated: 27 May 2016 10:49:31