CVE-2009-2928

Published Aug 21, 2009

Last updated 7 years ago

Overview

Description: Cross-site scripting (XSS) vulnerability in login.php in TGS Content Management 0.x allows remote attackers to inject arbitrary web script or HTML via the previous_page parameter, a different vector than CVE-2008-6839.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:tgs-cms:tgs_content_management:0.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C78B9E2-5E5F-4AE2-9FF7-DD5B05C5156D"
          },
          {
            "criteria": "cpe:2.3:a:tgs-cms:tgs_content_management:0.1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D726819D-BEBC-4D9B-8316-66A0B789C110"
          },
          {
            "criteria": "cpe:2.3:a:tgs-cms:tgs_content_management:0.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48605CBA-AC9B-4380-8283-A482A6E941F5"
          },
          {
            "criteria": "cpe:2.3:a:tgs-cms:tgs_content_management:0.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8D23FFE-4B3E-4427-9D06-DDE2163528DB"
          },
          {
            "criteria": "cpe:2.3:a:tgs-cms:tgs_content_management:0.2.5:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4434CD2-309A-4B6D-A8D2-78134C1F411F"
          },
          {
            "criteria": "cpe:2.3:a:tgs-cms:tgs_content_management:0.2.5:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "332DD6FB-F23B-4A36-923C-A396DAFF8E39"
          },
          {
            "criteria": "cpe:2.3:a:tgs-cms:tgs_content_management:0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C8BA097-5AE5-4174-89B3-E4AD0AC37507"
          },
          {
            "criteria": "cpe:2.3:a:tgs-cms:tgs_content_management:0.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A13CED45-B95A-4B3A-A3A9-493F1A0FF1E3"
          },
          {
            "criteria": "cpe:2.3:a:tgs-cms:tgs_content_management:0.3.2:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C25F9DA1-8624-4060-B519-DB121B4C5E9B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References