{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-08-19T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and earlier (1) allow remote attackers to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web script or HTML via the (2) Account picture and (3) Icon fields in account.php. NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "31527", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31527"}, {"name": "vanilla-people-xss(44554)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44554"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"}, {"name": "20080819 Vanilla <= 1.1.4 Script Injection/ XSS", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/495577/100/0/threaded"}, {"name": "vanilla-account-xss(44556)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44556"}, {"tags": ["x_refsource_MISC"], "url": "http://www.gulftech.org/?node=research&article_id=00126-08192008"}, {"name": "30748", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30748"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"}, {"name": "4176", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4176"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3758", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and earlier (1) allow remote attackers to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web script or HTML via the (2) Account picture and (3) Icon fields in account.php. NOTE: some of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "31527", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31527"}, {"name": "vanilla-people-xss(44554)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44554"}, {"name": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/", "refsource": "CONFIRM", "url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"}, {"name": "20080819 Vanilla <= 1.1.4 Script Injection/ XSS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/495577/100/0/threaded"}, {"name": "vanilla-account-xss(44556)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44556"}, {"name": "http://www.gulftech.org/?node=research&article_id=00126-08192008", "refsource": "MISC", "url": "http://www.gulftech.org/?node=research&article_id=00126-08192008"}, {"name": "30748", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30748"}, {"name": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes", "refsource": "CONFIRM", "url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"}, {"name": "4176", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4176"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:52:59.532Z"}, "title": "CVE Program Container", "references": [{"name": "31527", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31527"}, {"name": "vanilla-people-xss(44554)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44554"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"}, {"name": "20080819 Vanilla <= 1.1.4 Script Injection/ XSS", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/495577/100/0/threaded"}, {"name": "vanilla-account-xss(44556)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44556"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.gulftech.org/?node=research&article_id=00126-08192008"}, {"name": "30748", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/30748"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"}, {"name": "4176", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4176"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3758", "datePublished": "2008-08-21T17:00:00.000Z", "dateReserved": "2008-08-21T00:00:00.000Z", "dateUpdated": "2024-08-07T09:52:59.532Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lussumo:vanilla:*:*:*:*:*:*:*:*", "matchCriteriaId": "112F55F1-6129-4E15-B34D-E29995EB763C", "versionEndIncluding": "1.1.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:lussumo:vanilla:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "34C3B2A7-EF53-4C3E-997D-F978C9286AF8", "vulnerable": true}, {"criteria": "cpe:2.3:a:lussumo:vanilla:1:*:*:*:*:*:*:*", "matchCriteriaId": "EB5944B6-6A0B-4666-B666-B8A3787DBB82", "vulnerable": true}, {"criteria": "cpe:2.3:a:lussumo:vanilla:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8ED4C0D9-0821-4A49-BEFD-8EB3901B9AFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:lussumo:vanilla:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "218D8A6C-FD89-48AE-BD21-38B41B382259", "vulnerable": true}, {"criteria": "cpe:2.3:a:lussumo:vanilla:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "DC2EA631-61AE-4E0B-9B1E-34FB8271AFF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:lussumo:vanilla:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E2E0B536-6295-4D2A-8B1E-D39F0163CDE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:lussumo:vanilla:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "81996E90-3F33-40C3-805E-D7D7C6E4B554", "vulnerable": true}, {"criteria": "cpe:2.3:a:lussumo:vanilla:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "55F8E29B-4D41-405B-912B-58FBE172AA00", "vulnerable": true}, {"criteria": "cpe:2.3:a:lussumo:vanilla:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "618BF3EC-6E8B-48A9-89D3-A3F9F9B0F013", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and earlier (1) allow remote attackers to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web script or HTML via the (2) Account picture and (3) Icon fields in account.php. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Lussumo Vanilla 1.1.4 y versiones anteriores (1) permiten a atacantes remotos inyectar web script o HTML a trav\u00e9s del par\u00e1metro NewPassword de people.php, y permiten a usuarios remotos autenticados inyectar web script o HTML de su elecci\u00f3n a trav\u00e9s de (2) Account picture y (3) Icon fields en account.php.\r\nNOTA: algunos de estos detalles han sido obtenidos a partir de la informaci\u00f3n de terceros."}], "id": "CVE-2008-3758", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-08-21T17:41:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"}, {"source": "cve@mitre.org", "url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31527"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4176"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.gulftech.org/?node=research&article_id=00126-08192008"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/495577/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/30748"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44554"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44556"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lussumo.com/docs/doku.php?id=vanilla:releasenotes"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31527"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4176"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.gulftech.org/?node=research&article_id=00126-08192008"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/495577/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/30748"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44554"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44556"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}