CVE-2008-2462

Опубликовано: 30 июн. 2008

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the viewfile documentation command in Caucho Resin before 3.0.25, and 3.1.x before 3.1.4, allows remote attackers to inject arbitrary web script or HTML via the file parameter.

Ссылки

http://secunia.com/advisories/30845
Third Party Advisory
http://www.caucho.com/resin/changes/changes-31.xtp#3.1.4%20-%20Dec%205%2C%202007
http://www.kb.cert.org/vuls/id/305208
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/29948
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1020372
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2008/1930/references
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/43367
Third Party Advisory
VDB Entry
http://secunia.com/advisories/30845
Third Party Advisory
http://www.caucho.com/resin/changes/changes-31.xtp#3.1.4%20-%20Dec%205%2C%202007
http://www.kb.cert.org/vuls/id/305208
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/29948
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1020372
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2008/1930/references
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/43367
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:caucho:resin:*:*:*:*:*:*:*:*

Версия до 3.0.25 (исключая)

cpe:2.3:a:caucho:resin:*:*:*:*:*:*:*:*

Версия от 3.1.0 (включая) до 3.1.4 (исключая)

EPSS

Процентиль: 88%

0.03865

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-h4x7-qwgf-wmph

github

почти 4 года назад