CVE Vulnerability

CVE-2008-7134

Multiple cross-site scripting (XSS) vulnerabilities in the default URI in Chris LaPointe RedGalaxy Download Center 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter, (2) message parameter in a login action, (3) category parameter in a browse action, (4) now parameter, or (5) search parameter in a search_results action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://download.redgalaxy.net/?nav=home Patch
http://www.securityfocus.com/bid/28219 Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/41198
Configurations

Configuration 1

cpe:2.3:a:redgalaxy:download_center:1.2:*:*:*:*:*:*:*
Information

Published : 2009-09-01 04:30

Updated : 2017-08-17 01:29

NVD link : CVE-2008-7134

Mitre link : CVE-2008-7134

Products Affected

Download Center

Redgalaxy

CWE
CWE-79