CVE-2008-1916

{"id": "CVE-2008-1916", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-04-23T13:05:00.000", "references": [{"url": "http://drupal.org/node/241944", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1083/references", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41624", "source": "cve@mitre.org"}, {"url": "http://drupal.org/node/241944", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/1083/references", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41624", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-rc1 module for Drupal allow remote attackers to inject arbitrary web script or HTML via text fields intended for the (1) address and (2) order information, which are later displayed on the order view page and unspecified other administrative pages, a different vulnerability than CVE-2008-1428."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS), vulnerabilidades en Ubercart 5.x anteteriores a 5.x-1.0-rc1, m\u00f3dulo para drupal que permite a los atacantes remotos inyectar c\u00f3digo web o HTML a trav\u00e9s de los campos deseados (1) direcci\u00f3n y (2) pedir informaci\u00f3n, los cuales son mostrados mas tarde en la p\u00e1gina que hemos pedido y en otras p\u00e1ginas administrativas no especificadas, es una vulnerabilidad distinta a CVE-2008-1428."}], "lastModified": "2024-11-21T00:45:39.437", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:ubercart_module:5-1.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "739895AB-2F58-4E92-BE95-9D2BED55C5E6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}