CVE-2008-1386
Vulnerability from cvelistv5
Published
2008-04-23 10:00
Modified
2024-08-07 08:17
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote attackers to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field. NOTE: the timing window for exploitation of this issue might be limited.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/fulldisclosure/2008-04/0590.html
cve@mitre.orghttp://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html
cve@mitre.orghttp://int21.de/cve/CVE-2008-1386-s9y.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/491176/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/28885Exploit, Patch
cve@mitre.orghttp://www.securitytracker.com/id?1019915
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/1348/references
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/41967
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0590.html
af854a3a-2127-422b-91ae-364da2661108http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html
af854a3a-2127-422b-91ae-364da2661108http://int21.de/cve/CVE-2008-1386-s9y.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/491176/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/28885Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1019915
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/1348/references
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/41967
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:17:34.678Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20080422 Correcting CVEs (was Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387))",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0590.html"
          },
          {
            "name": "20080422 Correcting CVEs (was Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387))",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/491176/100/0/threaded"
          },
          {
            "name": "28885",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28885"
          },
          {
            "name": "ADV-2008-1348",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1348/references"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://int21.de/cve/CVE-2008-1386-s9y.html"
          },
          {
            "name": "1019915",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019915"
          },
          {
            "name": "serendipity-installer-xss(41967)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41967"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-04-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote attackers to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field.  NOTE: the timing window for exploitation of this issue might be limited."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20080422 Correcting CVEs (was Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387))",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0590.html"
        },
        {
          "name": "20080422 Correcting CVEs (was Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387))",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/491176/100/0/threaded"
        },
        {
          "name": "28885",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28885"
        },
        {
          "name": "ADV-2008-1348",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1348/references"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://int21.de/cve/CVE-2008-1386-s9y.html"
        },
        {
          "name": "1019915",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019915"
        },
        {
          "name": "serendipity-installer-xss(41967)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41967"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1386",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote attackers to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field.  NOTE: the timing window for exploitation of this issue might be limited."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080422 Correcting CVEs (was Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387))",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0590.html"
            },
            {
              "name": "20080422 Correcting CVEs (was Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387))",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/491176/100/0/threaded"
            },
            {
              "name": "28885",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28885"
            },
            {
              "name": "ADV-2008-1348",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1348/references"
            },
            {
              "name": "http://int21.de/cve/CVE-2008-1386-s9y.html",
              "refsource": "MISC",
              "url": "http://int21.de/cve/CVE-2008-1386-s9y.html"
            },
            {
              "name": "1019915",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019915"
            },
            {
              "name": "serendipity-installer-xss(41967)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41967"
            },
            {
              "name": "http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html",
              "refsource": "CONFIRM",
              "url": "http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1386",
    "datePublished": "2008-04-23T10:00:00",
    "dateReserved": "2008-03-18T00:00:00",
    "dateUpdated": "2024-08-07T08:17:34.678Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-1386\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-04-23T13:05:00.000\",\"lastModified\":\"2024-11-21T00:44:25.510\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote attackers to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field.  NOTE: the timing window for exploitation of this issue might be limited.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados en el instalador de Serendepity (S9Y) 1.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) campos de ruta sin especificar o (2) el campo \\\"host\\\" de la base de datos. NOTA: la ventana de tiempo para vulnerar esta caracter\u00edstica podr\u00eda estar limitada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:s9y:serendipity:1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96AD0492-E4D4-4A43-80EF-5F38F62DFF25\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0590.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://int21.de/cve/CVE-2008-1386-s9y.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/491176/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/28885\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1019915\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1348/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41967\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0590.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://int21.de/cve/CVE-2008-1386-s9y.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/491176/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/28885\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1019915\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1348/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41967\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.