CVE-2008-2758

{"id": "CVE-2008-2758", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-06-18T22:41:00.000", "references": [{"url": "http://bugreport.ir/index.php?/41", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=121322052622903&w=2", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30643", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/3950", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/29672", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43042", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute News Manager XE 3.2 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) pblname and (2) text parameters to (a) admin/search.asp, (3) name parameter to (b) admin/publishers.asp, and other unspecified vectors to (c) anmviewer.asp and (d) editarticleX.asp in admin/. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Xigla Absolute News Manager XE 3.2; permite a administradores autenticados en remoto inyectar secuencias de comandos Web o HTML a trav\u00e9s de los par\u00e1metros (1) pblname y (2) text en (a) admin/search.asp, (3) par\u00e1metro name en (b) admin/publishers.asp, y otros vectores no especificados en (c) anmviewer.asp y (d) editarticleX.asp en admin/. NOTA: Parte de esta informaci\u00f3n ha sido obtenida de fuentes de terceros."}], "lastModified": "2017-08-08T01:31:18.137", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xigla:absolute_news_manager_xe:3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07AAC8C4-C549-4071-901C-C40C8410B6DB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}