4.3

CVE-2008-5720

Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the default error page for the org.seasar.mayaa.impl.engine.PageNotFoundException exception and possibly other exceptions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SeasarMayaa Version <= 1.1.22
SeasarMayaa Version0.1.0
SeasarMayaa Version0.1.0f
SeasarMayaa Version0.1.1
SeasarMayaa Version0.1.2
SeasarMayaa Version0.1.3
SeasarMayaa Version0.2.0
SeasarMayaa Version0.3.0
SeasarMayaa Version0.4.0
SeasarMayaa Version0.9.0
SeasarMayaa Version0.9.1
SeasarMayaa Version0.9.2
SeasarMayaa Version0.9.3
SeasarMayaa Version0.9.4
SeasarMayaa Version0.9.5
SeasarMayaa Version0.9.6
SeasarMayaa Version0.9.7
SeasarMayaa Version0.9.7.1
SeasarMayaa Version0.9.8
SeasarMayaa Version0.9.9
SeasarMayaa Version0.9.10
SeasarMayaa Version0.9.11
SeasarMayaa Version0.9.12
SeasarMayaa Version0.9.13
SeasarMayaa Version0.9.14
SeasarMayaa Version0.9.15
SeasarMayaa Version0.9.16
SeasarMayaa Version0.9.17
SeasarMayaa Version0.9.18
SeasarMayaa Version0.9.19
SeasarMayaa Version0.9.20
SeasarMayaa Version0.9.20a
SeasarMayaa Version1.0.0
SeasarMayaa Version1.0.0 Updatebeta1
SeasarMayaa Version1.0.0 Updatebeta2
SeasarMayaa Version1.0.0 Updatebeta3
SeasarMayaa Version1.0.0 Updaterc1
SeasarMayaa Version1.0.1
SeasarMayaa Version1.0.2
SeasarMayaa Version1.0.3
SeasarMayaa Version1.1.0
SeasarMayaa Version1.1.0 Updatebeta1
SeasarMayaa Version1.1.0 Updatebeta2
SeasarMayaa Version1.1.0 Updatebeta3
SeasarMayaa Version1.1.0 Updatebeta4
SeasarMayaa Version1.1.0 Updatebeta5
SeasarMayaa Version1.1.0 Updatebeta6
SeasarMayaa Version1.1.1
SeasarMayaa Version1.1.2
SeasarMayaa Version1.1.3
SeasarMayaa Version1.1.4
SeasarMayaa Version1.1.5
SeasarMayaa Version1.1.6
SeasarMayaa Version1.1.7
SeasarMayaa Version1.1.8
SeasarMayaa Version1.1.9
SeasarMayaa Version1.1.10
SeasarMayaa Version1.1.11
SeasarMayaa Version1.1.12
SeasarMayaa Version1.1.13
SeasarMayaa Version1.1.14
SeasarMayaa Version1.1.15
SeasarMayaa Version1.1.16
SeasarMayaa Version1.1.17
SeasarMayaa Version1.1.18
SeasarMayaa Version1.1.19
SeasarMayaa Version1.1.20
SeasarMayaa Version1.1.21
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.26% 0.658
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://jvn.jp/en/jp/JVN17298485/index.html
http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000085.html
http://mayaa.seasar.org/news/vulnerability20081225.html
http://osvdb.org/51007
http://secunia.com/advisories/33333
http://www.securityfocus.com/bid/33015
https://exchange.xforce.ibmcloud.com/vulnerabilities/47623