Vulnerability Details: CVE-2008-5918
Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2008-5918
- cpe:2.3:a:tigris:websvn:*:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.38:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.37:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.04:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.03:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.60:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.61:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.34:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.33:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.02:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.62:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.51:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.32:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.31a:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.00:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.40:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.39:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.20:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-5918
- EPSS score: 0.46% (probability of exploitation activity in the next 30 days)
- Percentile: ~75% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2008-5918
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2008-5918
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-5918
- http://securityreason.com/securityalert/4928
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46048
- http://www.gulftech.org/?node=research&article_id=00132-10202008 (Exploit)
- http://www.gentoo.org/security/en/glsa/glsa-200903-20.xml
- http://websvn.tigris.org/servlets/NewsItemView?newsItemID=2218 (Patch)
- https://www.exploit-db.com/exploits/6822
- http://websvn.tigris.org/issues/show_bug.cgi?id=179
- http://www.securityfocus.com/bid/31891 (Exploit)