CVE-2008-0867

Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA AquaLogic Interaction 6.1 through MP1 and Plumtree Foundation 6.0 through SP1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://dev2dev.bea.com/pub/advisory/259
http://www.procheckup.com/Vulnerability_PR06-12.php
http://secunia.com/advisories/29040	Vendor Advisory
http://www.securitytracker.com/id?1019440
http://www.vupen.com/english/advisories/2008/0610
http://www.securityfocus.com/archive/1/488346/100/100/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bea_systems:plumtree_foundation:6.0:sp1::::::
	cpe:2.3:a:bea_systems:aqualogic_interaction:6.1:mp1::::::
	cpe:2.3:a:bea_systems:plumtree_foundation:6.0:::::::*
	cpe:2.3:a:bea_systems:aqualogic_interaction:6.1:::::::*

Information

Published : 2008-02-20 17:44

Updated : 2018-10-15 15:03

NVD link : CVE-2008-0867

Mitre link : CVE-2008-0867

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

bea_systems

plumtree_foundation
aqualogic_interaction

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://dev2dev.bea.com/pub/advisory/259", "name": "BEA08-186.00", "tags": [], "refsource": "BEA"}, {"url": "http://www.procheckup.com/Vulnerability_PR06-12.php", "name": "http://www.procheckup.com/Vulnerability_PR06-12.php", "tags": [], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/29040", "name": "29040", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securitytracker.com/id?1019440", "name": "1019440", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.vupen.com/english/advisories/2008/0610", "name": "ADV-2008-0610", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.securityfocus.com/archive/1/488346/100/100/threaded", "name": "20080219 PR06-12: XSS on BEA Plumtree Foundation and AquaLogic Interaction portals", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA AquaLogic Interaction 6.1 through MP1 and Plumtree Foundation 6.0 through SP1 allows remote attackers to inject arbitrary web script or HTML via the name parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-0867", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2008-02-21T01:44Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:bea_systems:plumtree_foundation:6.0:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea_systems:aqualogic_interaction:6.1:mp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea_systems:plumtree_foundation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea_systems:aqualogic_interaction:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-15T22:03Z"}

4.3 /10