CVE-2008-2035
Published Apr 30, 2008
Last updated 7 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. (1) BackPack 0.91 and earlier, (2) BmSurvey 0.84 and earlier, (3) newbb_fileup 1.83 and earlier, (4) News_embed (news_fileup) 1.44 and earlier, and (5) PopnupBlog 3.19 and earlier modules for XOOPS 2.0.x, XOOPS Cube 2.1, and ImpressCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bluemoon:backpack:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B3A71096-13E8-4357-8DC2-8D28F2AE6C27",
"versionEndIncluding": "0.91"
},
{
"criteria": "cpe:2.3:a:bluemoon:bmsurvey:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9606165B-67E3-41DA-BA62-EFAB2632509F",
"versionEndIncluding": "0.84"
},
{
"criteria": "cpe:2.3:a:bluemoon:newbb_fileup:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D29194E7-B6FB-40A7-BA2B-8D58BB75B0F2",
"versionEndIncluding": "1.83"
},
{
"criteria": "cpe:2.3:a:bluemoon:news_fileup:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "36D4BC0A-90C8-461A-920B-A7803FF093FD",
"versionEndIncluding": "1.44"
},
{
"criteria": "cpe:2.3:a:bluemoon:popnupblog:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B6917491-BDB8-43A4-9030-D87D278C5473",
"versionEndIncluding": "3.19"
},
{
"criteria": "cpe:2.3:a:xoops:xoops:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1D649637-9772-4B71-B219-DD505CDB3549"
},
{
"criteria": "cpe:2.3:a:xoops:xoops_cube:2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "180F736F-0814-4B3C-AB0C-6D1F5D691E3A"
}
],
"operator": "OR"
}
]
}
]