Vulnerability Details CVE-2008-2236
Cross-site scripting (XSS) vulnerability in blosxom.cgi in Blosxom before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the flav parameter (flavour variable). NOTE: some of these details are obtained from third party information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.9%
CVSS Severity
CVSS v2 Score 4.3
References
- http://jvn.jp/en/jp/JVN03300113/index.html
- http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000073.html
- http://secunia.com/advisories/32074
- http://sourceforge.net/project/shownotes.php?release_id=630149
- http://www.securityfocus.com/bid/31535
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45600
- http://jvn.jp/en/jp/JVN03300113/index.html
- http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000073.html
- http://secunia.com/advisories/32074
- http://sourceforge.net/project/shownotes.php?release_id=630149
- http://www.securityfocus.com/bid/31535
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45600
Products affected by CVE-2008-2236
-
cpe:2.3:a:blosxom:blosxom:*
-
cpe:2.3:a:blosxom:blosxom:0.1.5
-
cpe:2.3:a:blosxom:blosxom:1.0
-
cpe:2.3:a:blosxom:blosxom:1.0.1
-
cpe:2.3:a:blosxom:blosxom:2.0
-
cpe:2.3:a:blosxom:blosxom:2.0-3
-
cpe:2.3:a:blosxom:blosxom:2.0-4
-
cpe:2.3:a:blosxom:blosxom:2.0.1
-
cpe:2.3:a:blosxom:blosxom:2.0.2
-
cpe:2.3:a:blosxom:blosxom:2.0.5
-
cpe:2.3:a:blosxom:blosxom:2.0.6
-
cpe:2.3:a:blosxom:blosxom:2.0.7
-
cpe:2.3:a:blosxom:blosxom:2.0.8
-
cpe:2.3:a:blosxom:blosxom:2.0.9
-
cpe:2.3:a:blosxom:blosxom:2.1.0