Vulnerability Details : CVE-2008-7220
Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors.
Exploit prediction scoring system (EPSS) score for CVE-2008-7220
Probability of exploitation activity in the next 30 days: 0.41%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 71 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-7220
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
nvd@nist.gov |
References for CVE-2008-7220
-
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html
Broken Link
-
http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
dotCMS 5.1.1 Vulnerable Dependencies ≈ Packet StormThird Party Advisory;VDB Entry
-
http://www.openwall.com/lists/oss-security/2009/11/07/2
Mailing List;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=533137
Issue Tracking;Not Applicable;Third Party Advisory
-
https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87@%3Cnotifications.zookeeper.apache.org%3E
[GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814 - Pony MailMailing List;Third Party Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html
Broken Link
-
https://lists.apache.org/thread.html/769fcc5f331b61c4d7ce16b807678e9a1799628d0146322e14aa24ed@%3Cdev.zookeeper.apache.org%3E
Mailing List;Third Party Advisory
-
http://seclists.org/fulldisclosure/2019/May/13
Full Disclosure: Re: dotCMS v5.1.1 HTML Injection & XSS VulnerabilityMailing List;Third Party Advisory
-
http://seclists.org/fulldisclosure/2019/May/10
Full Disclosure: dotCMS v5.1.1 VulnerabilitiesMailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/6d1b9a75a004dab42c81e8aa149d90e6fd26ce8cd6d71295e565e366@%3Cissues.zookeeper.apache.org%3E
Mailing List;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=523277
Issue Tracking;Patch;Third Party Advisory
-
https://lists.apache.org/thread.html/7ba863c5a4a0f1230cba2d11cf4de3a2eda3a42e8023d4990f564327@%3Cdev.zookeeper.apache.org%3E
Mailing List;Third Party Advisory
-
http://github.com/sstephenson/prototype/blob/master/CHANGELOG
Release Notes;Third Party Advisory
-
https://seclists.org/bugtraq/2019/May/18
Bugtraq: dotCMS v5.1.1 VulnerabilitiesIssue Tracking;Mailing List;Third Party Advisory
-
http://www.debian.org/security/2009/dsa-1952
Third Party Advisory
-
https://lists.apache.org/thread.html/2ad48cd9d47edd0e677082eb869115809473a117e1e30b52fb511590@%3Cissues.zookeeper.apache.org%3E
Mailing List;Third Party Advisory
-
http://seclists.org/fulldisclosure/2019/May/11
Full Disclosure: dotCMS v5.1.1 HTML Injection & XSS VulnerabilityMailing List;Third Party Advisory
Products affected by CVE-2008-7220
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:prototypejs:prototype:*:*:*:*:*:*:*:*