CVE Vulnerability

CVE-2008-1793

Multiple cross-site scripting (XSS) vulnerabilities in view.cgi in Smart Classified ADS Professional, Smart Photo ADS, and Smart Photo ADS Gold allow remote attackers to inject arbitrary web script or HTML via the (1) AdNum and (2) Department parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://secunia.com/advisories/29623 Vendor Advisory
http://www.securityfocus.com/bid/28595
https://exchange.xforce.ibmcloud.com/vulnerabilities/41611
Configurations

Configuration 1

cpe:2.3:a:hoffice:smart_classified_ads:*:*:professional:*:*:*:*:*
cpe:2.3:a:hoffice:smart_photo_ads:*:*:*:*:*:*:*:*
cpe:2.3:a:hoffice:smart_photo_ads_gold:*:*:*:*:*:*:*:*
Information

Published : 2008-04-15 05:05

Updated : 2017-08-08 01:30

NVD link : CVE-2008-1793

Mitre link : CVE-2008-1793

Products Affected
No products.
CWE
CWE-79