CVE-2008-2236 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 63%

Vendor	Product	Version
blosxom	blosxom	𝑥 ≤ 2.1.1
blosxom	blosxom	0.1.5
blosxom	blosxom	1.0
blosxom	blosxom	1.0.1
blosxom	blosxom	2.0
blosxom	blosxom	2.0-3
blosxom	blosxom	2.0-4
blosxom	blosxom	2.0.1
blosxom	blosxom	2.0.2
blosxom	blosxom	2.0.5
blosxom	blosxom	2.0.6
blosxom	blosxom	2.0.7
blosxom	blosxom	2.0.8
blosxom	blosxom	2.0.9
blosxom	blosxom	2.1.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

blosxom

sid	2.1.2-2.1 fixed
trixie	2.1.2-2.1 fixed
bookworm	2.1.2-2.1 fixed
bullseye	2.1.2-2.1 fixed

Ubuntu Releases

Ubuntu Product

Codename

blosxom

oneiric	not-affected
natty	not-affected
maverick	not-affected
lucid	not-affected
karmic	not-affected
jaunty	not-affected
intrepid	ignored
hardy	ignored
gutsy	ignored
feisty	ignored
dapper	ignored

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://jvn.jp/en/jp/JVN03300113/index.html

http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000073.html

http://secunia.com/advisories/32074

http://sourceforge.net/project/shownotes.php?release_id=630149

http://www.securityfocus.com/bid/31535

https://exchange.xforce.ibmcloud.com/vulnerabilities/45600

http://jvn.jp/en/jp/JVN03300113/index.html

http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000073.html

http://secunia.com/advisories/32074

http://sourceforge.net/project/shownotes.php?release_id=630149

http://www.securityfocus.com/bid/31535

https://exchange.xforce.ibmcloud.com/vulnerabilities/45600