CVE-2009-0861

Published Mar 10, 2009

Last updated 7 years ago

Overview

Description: Cross-site scripting (XSS) vulnerability in phpDenora before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via an IRC channel name. NOTE: some of these details are obtained from third party information.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:denorastats:phpdenora:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D597788-656C-4A30-ADF5-A5D7244AB9CD",
            "versionEndIncluding": "1.2.2"
          },
          {
            "criteria": "cpe:2.3:a:denorastats:phpdenora:0.9.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E063085-D10D-4E6F-8FB5-B450C8CE2064"
          },
          {
            "criteria": "cpe:2.3:a:denorastats:phpdenora:0.9.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "690816F6-D776-44FA-BBFA-DC5896444FA4"
          },
          {
            "criteria": "cpe:2.3:a:denorastats:phpdenora:1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30020BD3-6567-45B4-BF86-CB3506337426"
          },
          {
            "criteria": "cpe:2.3:a:denorastats:phpdenora:1.0.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "758F1024-ACCD-4D93-92C7-B112B81AF1B5"
          },
          {
            "criteria": "cpe:2.3:a:denorastats:phpdenora:1.0.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51CD547C-0345-4254-8804-880DDABF3829"
          },
          {
            "criteria": "cpe:2.3:a:denorastats:phpdenora:1.0.0:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18D94632-C20F-47D1-8605-4586E7A45C1E"
          },
          {
            "criteria": "cpe:2.3:a:denorastats:phpdenora:1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DC71B0D-FFDC-4C46-B665-1136BB16AFCB"
          },
          {
            "criteria": "cpe:2.3:a:denorastats:phpdenora:1.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9846BC70-9254-4BFA-BF99-F120EE99B20A"
          },
          {
            "criteria": "cpe:2.3:a:denorastats:phpdenora:1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9556D33B-90A7-44B4-91D1-95358B4A2A73"
          },
          {
            "criteria": "cpe:2.3:a:denorastats:phpdenora:1.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D89D60BF-2E21-46D0-AE64-FDF62E4AAE56"
          },
          {
            "criteria": "cpe:2.3:a:denorastats:phpdenora:1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "177EA99B-9CE0-4920-AA4B-5F14BA48A25F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References