[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-2929Date: (C)2008-08-29   (M)2023-12-22


Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1020772
BID-30870
SECUNIA-31565
SECUNIA-31612
SECUNIA-31702
SECUNIA-31777
ADV-2008-2480
FEDORA-2008-7339
FEDORA-2008-7642
RHSA-2008:0596
RHSA-2008:0601
SSRT080113
http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html
https://bugzilla.redhat.com/show_bug.cgi?id=454621
oval:org.mitre.oval:def:5877
rhds-dsgw-dsae-xss(44737)

CWE    1
CWE-79

© SecPod Technologies