CVE-2008-1243

{"id": "CVE-2008-1243", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-03-10T17:44:00.000", "references": [{"url": "http://code.bulix.org/cx46qa-65489", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://code.bulix.org/koom78-65490", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41121", "source": "cve@mitre.org"}, {"url": "http://code.bulix.org/cx46qa-65489", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://code.bulix.org/koom78-65490", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41121", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el router Linksys WRT300N con software empotrado (firmware) 2.00.20, cuando se utiliza Mozilla Firefox o Apple Safari, permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro dyndns_domain en el URI por defecto."}], "lastModified": "2024-11-21T00:44:02.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:linksys:wrt300n:*:*:2.00.20:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E509B0B-EA59-4833-8589-4EB60FFAD0A7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}