CVE-2008-2188

Multiple cross-site scripting (XSS) vulnerabilities in EJ3 BlackBook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) bookCopyright and (2) ver parameters to (a) footer.php, and the (3) bookName, (4) bookMetaTags, and (5) estiloCSS parameters to (b) header.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
eejj33blackbook
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://securityreason.com/securityalert/3873
http://www.securityfocus.com/archive/1/491549/100/0/threaded
http://www.securityfocus.com/bid/29015
https://exchange.xforce.ibmcloud.com/vulnerabilities/42147
http://securityreason.com/securityalert/3873
http://www.securityfocus.com/archive/1/491549/100/0/threaded
http://www.securityfocus.com/bid/29015
https://exchange.xforce.ibmcloud.com/vulnerabilities/42147