CVE-2008-4076

Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board 1.3 and earlier, (2) Topics BBS 1.11 and earlier, (3) Simple BBS 1.86 and earlier, and (4) Interactive BBS 1.57 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-0917.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://download.torworld.com/bug/20080905.html	Patch
http://jvn.jp/en/jp/JVN18616622/index.html
http://secunia.com/advisories/31835
http://www.securityfocus.com/bid/31105	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/45043

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:tor_world:interactive_bbs::::::::
	cpe:2.3:a:tor_world:simple_bbs::::::::
	cpe:2.3:a:tor_world:simple_bbs:1.3:::::::*
	cpe:2.3:a:tor_world:topics_bbs::::::::
	cpe:2.3:a:tor_world:tor_board::::::::
	cpe:2.3:a:tor_world:tor_board:1.1:::::::*

History

No history.

Information

Published : 2008-09-15 15:14

Updated : 2023-12-10 10:51

NVD link : CVE-2008-4076

Mitre link : CVE-2008-4076

CVE.ORG link : CVE-2008-4076

JSON object : View

Products Affected

tor_world

tor_board
interactive_bbs
topics_bbs
simple_bbs

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2008-4076", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-09-15T15:14:07.337", "references": [{"url": "http://download.torworld.com/bug/20080905.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://jvn.jp/en/jp/JVN18616622/index.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31835", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/31105", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45043", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board 1.3 and earlier, (2) Topics BBS 1.11 and earlier, (3) Simple BBS 1.86 and earlier, and (4) Interactive BBS 1.57 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-0917."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en (1) Tor World Tor Board 1.3 y versiones anteriores, (2) Topics BBS 1.11 y versiones anteriores, (3) Simple BBS 1.86 y versiones anteriores, y (4) Interactive BBS 1.57 y versiones anteriores permite a atacantes remotos inyectar web script o HTML a trav\u00e9s de vectores no especificados, una cuesti\u00f3n diferente a CVE-2008-0917."}], "lastModified": "2017-08-08T01:32:23.890", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tor_world:interactive_bbs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44638D98-6133-46A5-AAFB-CFFEE1BAD983", "versionEndIncluding": "1.57"}, {"criteria": "cpe:2.3:a:tor_world:simple_bbs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6522E41-84B0-4A1C-835A-4C423B2FE125", "versionEndIncluding": "1.86"}, {"criteria": "cpe:2.3:a:tor_world:simple_bbs:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C65B72C5-9C2A-49B4-9292-09B58DD7496E"}, {"criteria": "cpe:2.3:a:tor_world:topics_bbs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D115C37C-C9C2-4058-97E5-840A6FC3C4C0", "versionEndIncluding": "1.11"}, {"criteria": "cpe:2.3:a:tor_world:tor_board:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59266471-5B2C-4356-9C40-2FD390B6B769", "versionEndIncluding": "1.3"}, {"criteria": "cpe:2.3:a:tor_world:tor_board:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D7C4FD4-9402-479C-9986-6C34362F056F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}