CVE-2008-3596

Cross-site scripting (XSS) vulnerability in Harmoni before 1.4.7 allows remote attackers to inject arbitrary web script or HTML via the Username field, which is inserted into logs that could be rendered when viewed by an administrator.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
harmoniharmoni
𝑥
≤ 1.4.6
harmoniharmoni
0.0.2:beta
harmoniharmoni
0.0.3:beta
harmoniharmoni
0.0.4
harmoniharmoni
0.0.5
harmoniharmoni
0.1.0
harmoniharmoni
0.2.0
harmoniharmoni
0.3.0
harmoniharmoni
0.3.1
harmoniharmoni
0.3.2
harmoniharmoni
0.5.1
harmoniharmoni
0.6.0
harmoniharmoni
0.6.2
harmoniharmoni
0.7.0
harmoniharmoni
0.7.1
harmoniharmoni
0.7.2
harmoniharmoni
0.7.6
harmoniharmoni
0.7.7
harmoniharmoni
0.9.0
harmoniharmoni
0.10.1
harmoniharmoni
0.11.0
harmoniharmoni
0.12.0
harmoniharmoni
0.12.1
harmoniharmoni
0.12.3
harmoniharmoni
0.13.0
harmoniharmoni
0.13.1
harmoniharmoni
0.13.2
harmoniharmoni
0.13.3
harmoniharmoni
0.13.4
harmoniharmoni
0.13.5
harmoniharmoni
0.13.6
harmoniharmoni
0.13.7
harmoniharmoni
1.0.0
harmoniharmoni
1.0.1
harmoniharmoni
1.0.2
harmoniharmoni
1.0.3
harmoniharmoni
1.0.5
harmoniharmoni
1.0.6
harmoniharmoni
1.1.0
harmoniharmoni
1.3.0
harmoniharmoni
1.3.2
harmoniharmoni
1.3.4
harmoniharmoni
1.3.5
harmoniharmoni
1.4.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/31406
http://sourceforge.net/tracker/index.php?func=detail&aid=2040255&group_id=82171&atid=1098812
http://www.securityfocus.com/bid/30637
https://exchange.xforce.ibmcloud.com/vulnerabilities/44394
http://secunia.com/advisories/31406
http://sourceforge.net/tracker/index.php?func=detail&aid=2040255&group_id=82171&atid=1098812
http://www.securityfocus.com/bid/30637
https://exchange.xforce.ibmcloud.com/vulnerabilities/44394