CVE-2008-1548

Multiple cross-site scripting (XSS) vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 in Eagle Software Aries Student Information System allow remote attackers to inject arbitrary web script or HTML via the (1) UserName parameter to loginproc.asp and the (2) usr parameter to Login.asp.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/28436
http://secunia.com/advisories/29533	Vendor Advisory
http://securityreason.com/securityalert/3787
https://exchange.xforce.ibmcloud.com/vulnerabilities/41430
http://www.securityfocus.com/archive/1/490033/100/0/threaded

Configurations

Configuration 1 (hide)

cpe:2.3:a:aeries:aeries_student_information_system:3.8.3.14:*:*:*:*:*:*:*

Information

Published : 2008-03-31 10:44

Updated : 2018-10-11 13:35

NVD link : CVE-2008-1548

Mitre link : CVE-2008-1548

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

aeries

aeries_student_information_system

4.3 /10