Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name CVE-2008-3574 First vendor Publication 2008-08-10
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Cvss Base Score 2.6 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity High
Cvss Expoit Score 4.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php; the (2) pluck_version, (3) lang_install22, (4) titelkop, (5) lang_kop1, (6) lang_kop2, (7) lang_modules, (8) lang_kop4, (9) lang_kop15, (10) lang_kop5, and (11) titelkop parameters to (b) data/inc/header.php; the pluck_version and titelkop parameters to (c) data/inc/header2.php; and the (14) lang_theme6 parameter to (d) data/inc/themeinstall.php.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3574

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
47433 Pluck data/inc/themeinstall.php lang_theme6 Parameter XSS

Pluck contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'lang_theme6' variable upon submission to the 'data/inc/themeinstall.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
47432 Pluck data/inc/header2.php Multiple Parameter XSS

Pluck contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'pluck_version' and 'titelkop' variables upon submission to the 'data/inc/header2.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
47431 Pluck data/inc/header.php Multiple Parameter XSS

Pluck contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'pluck_version', 'lang_install22', 'titelkop', 'lang_kop1', 'lang_kop2', 'lang_modules', 'lang_kop4', 'lang_kop15', and 'lang_kop5' variables upon submission to the 'data/inc/header.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
47430 Pluck data/inc/footer.php lang_footer Parameter XSS

Pluck contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'lang_footer' variable upon submission to the 'data/inc/footer.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Sources (Detail)

http://securityreason.com/securityalert/4125
http://www.securityfocus.com/archive/1/495110/100/0/threaded
http://www.securityfocus.com/bid/30542
https://exchange.xforce.ibmcloud.com/vulnerabilities/44237
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
Date Informations
2024-11-28 23:13:43
  • Multiple Updates
2024-11-28 12:16:15
  • Multiple Updates
2021-05-04 12:07:54
  • Multiple Updates
2021-04-22 01:08:15
  • Multiple Updates
2020-05-23 00:22:05
  • Multiple Updates
2018-10-12 00:20:25
  • Multiple Updates
2017-08-08 09:24:18
  • Multiple Updates
2013-05-11 00:23:17
  • Multiple Updates