CVE-2008-5093

EPSS 0.57%
Veröffentlicht 14.11.2008 19:20:54
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Novell ≫ Edirectory

Novell ≫ Edirectory Updatesp2 Editionwindows Version <= 8.8

Novell ≫ Edirectory Version8.0

Novell ≫ Edirectory Version8.5.12a

Novell ≫ Edirectory Version8.5.27

Novell ≫ Edirectory Version8.6.2

Novell ≫ Edirectory Version8.7

Novell ≫ Edirectory Version8.7.1

Novell ≫ Edirectory Version8.7.1 Updatesp1

Novell ≫ Edirectory Version8.7.3

Novell ≫ Edirectory Version8.7.3 Updatesp1 Editionwindows

Novell ≫ Edirectory Version8.7.3 Updatesp2 Editionwindows

Novell ≫ Edirectory Version8.7.3 Updatesp3 Editionwindows

Novell ≫ Edirectory Version8.7.3 Updatesp4 Editionwindows

Novell ≫ Edirectory Version8.7.3 Updatesp5 Editionwindows

Novell ≫ Edirectory Version8.7.3 Updatesp6 Editionwindows

Novell ≫ Edirectory Version8.7.3 Updatesp7 Editionwindows

Novell ≫ Edirectory Version8.7.3 Updatesp8 Editionwindows

Novell ≫ Edirectory Version8.7.3 Updatesp9 Editionwindows

Novell ≫ Edirectory Version8.7.3.8

Novell ≫ Edirectory Version8.7.3.8_presp9

Novell ≫ Edirectory Version8.7.3.9

Novell ≫ Edirectory Version8.7.3.9 Editionlinux

Novell ≫ Edirectory Version8.7.3.9 Editionsolaris

Novell ≫ Edirectory Version8.7.3.9 Editionwindows_2000

Novell ≫ Edirectory Version8.7.3.9 Editionwindows_2003

Novell ≫ Edirectory Version8.7.3.10

Novell ≫ Edirectory Version8.8

Novell ≫ Edirectory Version8.8 Editionlinux

Novell ≫ Edirectory Version8.8 Editionsolaris

Novell ≫ Edirectory Version8.8 Editionwindows_2000

Novell ≫ Edirectory Version8.8 Editionwindows_2003

Novell ≫ Edirectory Version8.8.1

Novell ≫ Edirectory Version8.8.1 Editionlinux

Novell ≫ Edirectory Version8.8.1 Editionsolaris

Novell ≫ Edirectory Version8.8.1 Editionwindows_2000

Novell ≫ Edirectory Version8.8.1 Editionwindows_2003

Novell ≫ Edirectory Version8.8.2

Novell ≫ Edirectory Version8.8.2 Editionlinux

Novell ≫ Edirectory Version8.8.2 Editionsolaris

Novell ≫ Edirectory Version8.8.2 Editionwindows_2000

Novell ≫ Edirectory Version8.8.2 Editionwindows_2003

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.57%	0.658

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.novell.com/support/viewContent.do?externalId=3426981

Vendor Advisory

http://www.securityfocus.com/bid/30947

http://www.vupen.com/english/advisories/2008/2462

http://www.securitytracker.com/id?1020785

https://exchange.xforce.ibmcloud.com/vulnerabilities/46667

https://nvd.nist.gov/vuln/detail/CVE-2008-5093

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-5093

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-5093

EUVD