CVE-2008-1888

{"id": "CVE-2008-1888", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-04-18T21:05:00.000", "references": [{"url": "http://www.caughq.org/advisories/CAU-2008-0002.txt", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/490624/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/28706", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41934", "source": "cve@mitre.org"}, {"url": "http://www.caughq.org/advisories/CAU-2008-0002.txt", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/490624/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/28706", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41934", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Microsoft Windows SharePoint Services 2.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del campo Picture Source (Fuente de Imagen) (tambi\u00e9n conocido como picture object source) en Rich Text Editor."}], "lastModified": "2024-11-21T00:45:35.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8127B923-B007-486A-8E61-10BE1E21D8BC"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}