CVE-2008-4053

{"id": "CVE-2008-4053", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-09-11T21:06:48.117", "references": [{"url": "http://lostmon.blogspot.com/2008/08/popnupblog-indexphp-multiple-variables.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31625", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/30827", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44680", "source": "cve@mitre.org"}, {"url": "http://lostmon.blogspot.com/2008/08/popnupblog-indexphp-multiple-variables.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/31625", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/30827", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44680", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Bluemoon PopnupBLOG module 3.20 and 3.30 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) cat_id, and (3) view parameters."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados - XSS en index.php en el m\u00f3dulo Bluemoon PopnupBLOG, versi\u00f3n 3.20 y 3.30 para XOOPS, que permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTM a trav\u00e9s de los par\u00e1metros (1) param, (2) cat_id, y (3) view."}], "lastModified": "2024-11-21T00:50:46.283", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bluemoon:popnupblog:3.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "395002B3-746B-4385-B0C7-5F3A6CA40179"}, {"criteria": "cpe:2.3:a:bluemoon:popnupblog:3.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40CFC30D-9179-4787-B991-BBC0CC0112B0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xoops:xoops:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EB325E21-BD1E-4C12-B3B1-7210AFFD1235"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}