Details of VAR-200902-0193

ID

VAR-200902-0193

CVE

CVE-2008-6087

TITLE

Camera Life of topic.php Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2009-002815

DESCRIPTION

Cross-site scripting (XSS) vulnerability in topic.php in Camera Life 2.6.2b4 allows remote attackers to inject arbitrary web script or HTML via the name parameter. Camera Life is an open source PHP-based photo management and organization plugin

Trust: 1.98

sources: NVD: CVE-2008-6087 // JVNDB: JVNDB-2009-002815 // BID: 80753 // VULHUB: VHN-36212

AFFECTED PRODUCTS

vendor:	camera life	model:	camera life	scope:	eq	version:	2.6.2b4	Trust: 2.4
vendor:	camera	model:	life camera life 2.6.2b4	scope:	-	version:	-	Trust: 0.3

sources: BID: 80753 // JVNDB: JVNDB-2009-002815 // CNNVD: CNNVD-200902-133 // NVD: CVE-2008-6087

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-6087
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2008-6087
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200902-133
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-36212
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2008-6087
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-36212
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-36212 // JVNDB: JVNDB-2009-002815 // CNNVD: CNNVD-200902-133 // NVD: CVE-2008-6087

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-36212 // JVNDB: JVNDB-2009-002815 // NVD: CVE-2008-6087

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200902-133

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200902-133

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-002815

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-36212

PATCH

title:

Top Page

url:

http://fdcl.sourceforge.net/

Trust: 0.8

sources: JVNDB: JVNDB-2009-002815

EXTERNAL IDS

db:	NVD	id:	CVE-2008-6087	Trust: 2.8
db:	BID	id:	31689	Trust: 2.0
db:	EXPLOIT-DB	id:	6710	Trust: 2.0
db:	XF	id:	45805	Trust: 0.9
db:	JVNDB	id:	JVNDB-2009-002815	Trust: 0.8
db:	MILW0RM	id:	6710	Trust: 0.6
db:	CNNVD	id:	CNNVD-200902-133	Trust: 0.6
db:	BID	id:	80753	Trust: 0.4
db:	VULHUB	id:	VHN-36212	Trust: 0.1

sources: VULHUB: VHN-36212 // BID: 80753 // JVNDB: JVNDB-2009-002815 // CNNVD: CNNVD-200902-133 // NVD: CVE-2008-6087

REFERENCES

url:	http://www.securityfocus.com/bid/31689	Trust: 2.0
url:	http://sourceforge.net/project/shownotes.php?group_id=70910&release_id=643552	Trust: 1.9
url:	https://www.exploit-db.com/exploits/6710	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/45805	Trust: 1.1
url:	http://www.milw0rm.com/exploits/6710	Trust: 0.9
url:	http://xforce.iss.net/xforce/xfdb/45805	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-6087	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-6087	Trust: 0.8
url:	http://sourceforge.net/project/shownotes.php?group_id=70910&release_id=643552	Trust: 0.1

sources: VULHUB: VHN-36212 // BID: 80753 // JVNDB: JVNDB-2009-002815 // CNNVD: CNNVD-200902-133 // NVD: CVE-2008-6087

CREDITS

BackDoor

Trust: 0.6

sources: CNNVD: CNNVD-200902-133

SOURCES

db:	VULHUB	id:	VHN-36212
db:	BID	id:	80753
db:	JVNDB	id:	JVNDB-2009-002815
db:	CNNVD	id:	CNNVD-200902-133
db:	NVD	id:	CVE-2008-6087

LAST UPDATE DATE

2025-04-10T23:15:39.127000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-36212	date:	2017-09-29T00:00:00
db:	BID	id:	80753	date:	2009-02-06T00:00:00
db:	JVNDB	id:	JVNDB-2009-002815	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200902-133	date:	2009-02-09T00:00:00
db:	NVD	id:	CVE-2008-6087	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-36212	date:	2009-02-06T00:00:00
db:	BID	id:	80753	date:	2009-02-06T00:00:00
db:	JVNDB	id:	JVNDB-2009-002815	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200902-133	date:	2009-02-06T00:00:00
db:	NVD	id:	CVE-2008-6087	date:	2009-02-06T19:30:00.453