CVE-2008-2167

Published May 13, 2008

Last updated 6 years ago

CVSS info 4.3

Overview

Description: Cross-site scripting (XSS) vulnerability in ZyXEL ZyWALL 100 allows remote attackers to inject arbitrary web script or HTML via the Referer header, which is not properly handled in a 404 Error page.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:zywall_100:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A042AAA7-22D2-4E82-9D4A-6BA5974F3238"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

https://nvd.nist.gov/vuln/detail/CVE-2008-2167
http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062152.html
http://secunia.com/advisories/30142
http://securityreason.com/securityalert/3869
http://www.securityfocus.com/archive/1/491818/100/0/threaded
http://www.securityfocus.com/bid/29110
http://www.securitytracker.com/id?1020000
http://www.vupen.com/english/advisories/2008/1501/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42282

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References