4.3

CVE-2009-0417

Cross-site scripting (XSS) vulnerability in the AgaviWebRouting::gen(null) method in Agavi 0.11 before 0.11.6 and 1.0 before 1.0.0 beta 8 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with certain characters that are not properly handled by web browsers that do not strictly follow RFC 3986, such as Internet Explorer 6 and 7.

Data provided by the National Vulnerability Database (NVD)
Agavi Agavi Version 0.11.0
Agavi Agavi Version 0.11.0 Update rc1
Agavi Agavi Version 0.11.0 Update rc2
Agavi Agavi Version 0.11.0 Update rc3
Agavi Agavi Version 0.11.0 Update rc4
Agavi Agavi Version 0.11.0 Update rc5
Agavi Agavi Version 0.11.0 Update rc6
Agavi Agavi Version 0.11.0 Update rc7
Agavi Agavi Version 0.11.1
Agavi Agavi Version 0.11.1 Update rc1
Agavi Agavi Version 0.11.1 Update rc2
Agavi Agavi Version 0.11.1 Update rc3
Agavi Agavi Version 0.11.2
Agavi Agavi Version 0.11.2 Update rc1
Agavi Agavi Version 0.11.2 Update rc2
Agavi Agavi Version 0.11.3
Agavi Agavi Version 0.11.3 Update rc1
Agavi Agavi Version 0.11.3 Update rc2
Agavi Agavi Version 0.11.4
Agavi Agavi Version 0.11.4 Update rc1
Agavi Agavi Version 0.11.5
Agavi Agavi Version 0.11.5 Update rc1
Agavi Agavi Version 0.11.6
Agavi Agavi Version 0.11.6 Update rc1
Agavi Agavi Version 0.11.6 Update rc2
Agavi Agavi Version 1.0.0 Update beta1
Agavi Agavi Version 1.0.0 Update beta2
Agavi Agavi Version 1.0.0 Update beta3
Agavi Agavi Version 1.0.0 Update beta4
Agavi Agavi Version 1.0.0 Update beta5
Agavi Agavi Version 1.0.0 Update beta6
Agavi Agavi Version 1.0.0 Update beta7
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.31% | 0.51
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.