CVE-2008-2967 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to login.php and the (2) glb_sid parameter to hta/htmlarea.js.php, and allow remote authenticated users to inject arbitrary web script or HTML via an unspecified field in room.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Yektaweb	Academic Web Tools

Configuration 1 [-]

cpe:2.3:a:yektaweb:academic_web_tools:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/30763
http://securityreason.com/securityalert/3959
http://www.bugreport.ir/?/44
http://www.securityfocus.com/archive/1/493472/100/0/threaded
http://www.securityfocus.com/bid/29813
https://exchange.xforce.ibmcloud.com/vulnerabilities/43178

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-07-02T17:00:00

Updated: 2024-08-07T09:21:34.598Z

Reserved: 2008-07-02T00:00:00

Link: CVE-2008-2967

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-07-02T17:14:00.000

Modified: 2018-10-11T20:45:37.500

Link: CVE-2008-2967

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-06-24T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to login.php and the (2) glb_sid parameter to hta/htmlarea.js.php, and allow remote authenticated users to inject arbitrary web script or HTML via an unspecified field in room.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20080619 Academic Web Tools CMS <= 1.4.2.8 Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/493472/100/0/threaded"}, {"name": "30763", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30763"}, {"tags": ["x_refsource_MISC"], "url": "http://www.bugreport.ir/?/44"}, {"name": "academicwebtools-multiple-xss(43178)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43178"}, {"name": "3959", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3959"}, {"name": "29813", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29813"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2967", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to login.php and the (2) glb_sid parameter to hta/htmlarea.js.php, and allow remote authenticated users to inject arbitrary web script or HTML via an unspecified field in room.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20080619 Academic Web Tools CMS <= 1.4.2.8 Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/493472/100/0/threaded"}, {"name": "30763", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30763"}, {"name": "http://www.bugreport.ir/?/44", "refsource": "MISC", "url": "http://www.bugreport.ir/?/44"}, {"name": "academicwebtools-multiple-xss(43178)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43178"}, {"name": "3959", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3959"}, {"name": "29813", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29813"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:21:34.598Z"}, "title": "CVE Program Container", "references": [{"name": "20080619 Academic Web Tools CMS <= 1.4.2.8 Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/493472/100/0/threaded"}, {"name": "30763", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30763"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.bugreport.ir/?/44"}, {"name": "academicwebtools-multiple-xss(43178)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43178"}, {"name": "3959", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3959"}, {"name": "29813", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/29813"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2967", "datePublished": "2008-07-02T17:00:00", "dateReserved": "2008-07-02T00:00:00", "dateUpdated": "2024-08-07T09:21:34.598Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yektaweb:academic_web_tools:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF4A47D5-5588-4758-91DA-A95FCDD6D4B9", "versionEndIncluding": "1.4.2.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to login.php and the (2) glb_sid parameter to hta/htmlarea.js.php, and allow remote authenticated users to inject arbitrary web script or HTML via an unspecified field in room.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Academic Web Tools (AWT YEKTA) 1.4.3.1 y 1.4.2.8 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante los par\u00e1metros (1) query string a login.php y (2) glb_sid a hta/htmlarea.js.php y permite a usuarios autentificados remotamente inyectar secuencias de comandos web o HTML mediante un campo no especificado en room.php."}], "id": "CVE-2008-2967", "lastModified": "2018-10-11T20:45:37.500", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-07-02T17:14:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30763"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3959"}, {"source": "cve@mitre.org", "url": "http://www.bugreport.ir/?/44"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/493472/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29813"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43178"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}