ID

VAR-200806-0051


CVE

CVE-2008-2533


TITLE

Phoenix View CMS Pre Alpha2 vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2008-003125

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the ltarget parameter to (a) admin/admin_frame.php and (2) the conf parameter to (b) gbuch.admin.php, (c) links.admin.php, (d) menue.admin.php, (e) news.admin.php, and (f) todo.admin.php in admin/module/. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. UPDATE (June 2, 2008): The vendor reports that the application is not vulnerable to the issue, but this has not been confirmed.

Trust: 2.07

sources: NVD: CVE-2008-2533 // JVNDB: JVNDB-2008-003125 // BID: 29130 // IVD: bea48eda-23cd-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.2

sources: IVD: bea48eda-23cd-11e6-abef-000c29c66e3d

AFFECTED PRODUCTS

vendor: fkrauthan, model: phoenix view cms, scope: eq, version: 2-pre-alpha

Trust: 1.6

vendor: fkrauthan, model: phoenix view cms, scope: lte, version: pre alpha2

Trust: 0.8

vendor: phoenix, model: view cms phoenix view cms pre alpha2, scope: -, version: -

Trust: 0.3

vendor: phoenix view cms, model: 2-pre-alpha, scope: -, version: -

Trust: 0.2

sources: IVD: bea48eda-23cd-11e6-abef-000c29c66e3d // BID: 29130 // JVNDB: JVNDB-2008-003125 // CNNVD: CNNVD-200806-048 // NVD: CVE-2008-2533

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-2533
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-2533
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200806-048
value: MEDIUM

Trust: 0.6

IVD: bea48eda-23cd-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2008-2533
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: bea48eda-23cd-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: bea48eda-23cd-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2008-003125 // CNNVD: CNNVD-200806-048 // NVD: CVE-2008-2533

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2008-003125 // NVD: CVE-2008-2533

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200806-048

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200806-048

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-003125

PATCH

title: Top Page, url: http://sourceforge.net/projects/phoenixviewcms/

Trust: 0.8

sources: JVNDB: JVNDB-2008-003125

EXTERNAL IDS

db: NVD, id: CVE-2008-2533

Trust: 2.9

db: BID, id: 29130

Trust: 1.9

db: EXPLOIT-DB, id: 5578

Trust: 1.6

db: CNNVD, id: CNNVD-200806-048

Trust: 0.8

db: JVNDB, id: JVNDB-2008-003125

Trust: 0.8

db: MILW0RM, id: 5578

Trust: 0.6

db: XF, id: 42314

Trust: 0.6

db: IVD, id: BEA48EDA-23CD-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: bea48eda-23cd-11e6-abef-000c29c66e3d // BID: 29130 // JVNDB: JVNDB-2008-003125 // CNNVD: CNNVD-200806-048 // NVD: CVE-2008-2533

REFERENCES

url:http://www.securityfocus.com/bid/29130

Trust: 1.6

url:https://www.exploit-db.com/exploits/5578

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/42314

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2533

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2533

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/42314

Trust: 0.6

url:http://www.milw0rm.com/exploits/5578

Trust: 0.6

url:http://sourceforge.net/projects/phoenixviewcms/

Trust: 0.3

sources: BID: 29130 // JVNDB: JVNDB-2008-003125 // CNNVD: CNNVD-200806-048 // NVD: CVE-2008-2533

CREDITS

tw8

Trust: 0.9

sources: BID: 29130 // CNNVD: CNNVD-200806-048

SOURCES

db: IVD, id: bea48eda-23cd-11e6-abef-000c29c66e3d
db: BID, id: 29130
db: JVNDB, id: JVNDB-2008-003125
db: CNNVD, id: CNNVD-200806-048
db: NVD, id: CVE-2008-2533

LAST UPDATE DATE

2025-04-10T23:13:04.389000+00:00


SOURCES UPDATE DATE

db: BID, id: 29130, date: 2015-05-07T17:29:00
db: JVNDB, id: JVNDB-2008-003125, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200806-048, date: 2008-09-05T00:00:00
db: NVD, id: CVE-2008-2533, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: IVD, id: bea48eda-23cd-11e6-abef-000c29c66e3d, date: 2008-06-03T00:00:00
db: BID, id: 29130, date: 2008-05-10T00:00:00
db: JVNDB, id: JVNDB-2008-003125, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200806-048, date: 2008-06-03T00:00:00
db: NVD, id: CVE-2008-2533, date: 2008-06-03T15:32:00