Vulnerability Details : CVE-2008-7220
Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors.
Products affected by CVE-2008-7220
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:prototypejs:prototype:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-7220
0.52%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 77 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-7220
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2008-7220
-
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html
[SECURITY] Fedora 10 Update: asterisk-1.6.0.17-2.fc10Broken Link
-
http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
dotCMS 5.1.1 Vulnerable Dependencies ≈ Packet StormThird Party Advisory;VDB Entry
-
http://www.openwall.com/lists/oss-security/2009/11/07/2
oss-security - Re: CVE Request - Asterisk (AST-2009-008.html)Mailing List;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=533137
533137 – (CVE-2009-3727) CVE-2009-3727 Asterisk: SIP responses expose valid usernames (AST-2009-008)Issue Tracking;Not Applicable;Third Party Advisory
-
https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87@%3Cnotifications.zookeeper.apache.org%3E
[GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814 - Pony MailMailing List;Third Party Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html
[SECURITY] Fedora 11 Update: asterisk-1.6.1.9-1.fc11Broken Link
-
https://lists.apache.org/thread.html/769fcc5f331b61c4d7ce16b807678e9a1799628d0146322e14aa24ed@%3Cdev.zookeeper.apache.org%3E
Mailing List;Third Party Advisory
-
http://seclists.org/fulldisclosure/2019/May/13
Full Disclosure: Re: dotCMS v5.1.1 HTML Injection & XSS VulnerabilityMailing List;Third Party Advisory
-
http://seclists.org/fulldisclosure/2019/May/10
Full Disclosure: dotCMS v5.1.1 VulnerabilitiesMailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/6d1b9a75a004dab42c81e8aa149d90e6fd26ce8cd6d71295e565e366@%3Cissues.zookeeper.apache.org%3E
Mailing List;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=523277
523277 – (CVE-2008-7220) CVE-2008-7220 WordPress, MediaTomb, python-webhelpers, Asterisk, Plone -- embedded Prototype JavaScript FrameWork: XSS Ajax requests (AST-2009-009)Issue Tracking;Patch;Third Party Advisory
-
https://lists.apache.org/thread.html/7ba863c5a4a0f1230cba2d11cf4de3a2eda3a42e8023d4990f564327@%3Cdev.zookeeper.apache.org%3E
Mailing List;Third Party Advisory
-
http://github.com/sstephenson/prototype/blob/master/CHANGELOG
prototype/CHANGELOG at master · prototypejs/prototype · GitHubRelease Notes;Third Party Advisory
-
https://seclists.org/bugtraq/2019/May/18
Bugtraq: dotCMS v5.1.1 VulnerabilitiesIssue Tracking;Mailing List;Third Party Advisory
-
http://www.debian.org/security/2009/dsa-1952
[SECURITY] [DSA 1952-1] New asterisk packages fix several vulnerabilitiesThird Party Advisory
-
https://lists.apache.org/thread.html/2ad48cd9d47edd0e677082eb869115809473a117e1e30b52fb511590@%3Cissues.zookeeper.apache.org%3E
Mailing List;Third Party Advisory
-
http://seclists.org/fulldisclosure/2019/May/11
Full Disclosure: dotCMS v5.1.1 HTML Injection & XSS VulnerabilityMailing List;Third Party Advisory
Jump to