CVE-2009-4347

Published Dec 17, 2009

Last updated 6 years ago

Overview

Description: Cross-site scripting (XSS) vulnerability in daloradius-users/login.php in daloRADIUS 0.9-8 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:liran_tal:daloradius:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDFD5730-AAD5-47D2-8A9D-4786C87DD198",
            "versionEndIncluding": "0.9-8"
          },
          {
            "criteria": "cpe:2.3:a:liran_tal:daloradius:0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FEFB4EC-2C9F-4821-98A0-EDDB5DD6C0BC"
          },
          {
            "criteria": "cpe:2.3:a:liran_tal:daloradius:0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8EEADA5-D848-4390-82F4-20EF7CF1B797"
          },
          {
            "criteria": "cpe:2.3:a:liran_tal:daloradius:0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FFBF412-71C6-481B-BB4D-13CBCF159F9B"
          },
          {
            "criteria": "cpe:2.3:a:liran_tal:daloradius:0.9-1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE075C1F-7737-48ED-AD08-A468B9C53548"
          },
          {
            "criteria": "cpe:2.3:a:liran_tal:daloradius:0.9-2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08381DEB-CA39-43E8-8733-9EED447CCFFF"
          },
          {
            "criteria": "cpe:2.3:a:liran_tal:daloradius:0.9-3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2294CC94-53C0-48F8-9561-BFAB38E227BF"
          },
          {
            "criteria": "cpe:2.3:a:liran_tal:daloradius:0.9-4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FBFD62C-985B-4AD6-8401-E8D7A76C1E62"
          },
          {
            "criteria": "cpe:2.3:a:liran_tal:daloradius:0.9-5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E3AB6B4-337B-47F7-B9C0-105174FAF877"
          },
          {
            "criteria": "cpe:2.3:a:liran_tal:daloradius:0.9-6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39D3034B-00BE-45EF-A901-D247DFEC570E"
          },
          {
            "criteria": "cpe:2.3:a:liran_tal:daloradius:0.9-7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F1B4C24-5D42-47BB-A5FA-72809BA2A643"
          },
          {
            "criteria": "cpe:2.3:a:liran_tal:daloradius:0.9-7:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA9C7E92-C7EF-4D6E-93AD-6F7E667BA37D"
          },
          {
            "criteria": "cpe:2.3:a:liran_tal:daloradius:0.9-7:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27F78DFA-0A57-4AB1-B714-0D40DB3A98F2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References