cvelistv5 - CVE-2008-2410

CVE-2008-2410 (GCVE-0-2008-2410)

Vulnerability from cvelistv5 – Published: 2008-05-22 10:00 – Updated: 2024-08-07 08:58

Summary

Cross-site scripting (XSS) vulnerability in the servlet engine and Web container in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.vupen.com/english/advisories/2008/1597	vdb-entryx_refsource_VUPEN
	http://www-1.ibm.com/support/docview.wss?uid=swg2…	x_refsource_CONFIRM
	http://secunia.com/advisories/30310	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/30332	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/29311	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:58:02.307Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-lotusdomino-servlet-web-xss(42553)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42553"
          },
          {
            "name": "ADV-2008-1597",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1597"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21303296"
          },
          {
            "name": "30310",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30310"
          },
          {
            "name": "30332",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30332"
          },
          {
            "name": "29311",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29311"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-05-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the servlet engine and Web container in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ibm-lotusdomino-servlet-web-xss(42553)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42553"
        },
        {
          "name": "ADV-2008-1597",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1597"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21303296"
        },
        {
          "name": "30310",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30310"
        },
        {
          "name": "30332",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30332"
        },
        {
          "name": "29311",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29311"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2410",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the servlet engine and Web container in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-lotusdomino-servlet-web-xss(42553)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42553"
            },
            {
              "name": "ADV-2008-1597",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1597"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21303296",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21303296"
            },
            {
              "name": "30310",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30310"
            },
            {
              "name": "30332",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30332"
            },
            {
              "name": "29311",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29311"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-2410",
    "datePublished": "2008-05-22T10:00:00",
    "dateReserved": "2008-05-22T00:00:00",
    "dateUpdated": "2024-08-07T08:58:02.307Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:lotus_domino_web_server:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"8.0\", \"matchCriteriaId\": \"DC0B5C12-70BE-461B-9C58-E013BCA05D4B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:lotus_domino_web_server:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3FB51B8A-58CF-4F26-B1D3-9C572658EE03\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:lotus_domino_web_server:7.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F86B710-6F83-4145-BABD-A742C0BB88A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:lotus_domino_web_server:7.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E23B4E9-2AF5-407F-87AE-4F49F78B07A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:lotus_domino_web_server:7.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E344283F-CC85-424D-B19D-A41366937653\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in the servlet engine and Web container in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de ejecuci\\u00f3n de comandos en sitios cruzados (XSS) en el motor de servlets y el contenedor Web en el servicio  Web Server de IBM Lotus Domino anterior a 7.0.3 FP1 y 8.x anterior al 8.0.1, permite a usuarios autenticados remotamente inyectar secuencias de comandos web y HTML de su elecci\\u00f3n a trav\\u00e9s de vectores no especificados.\"}]",
      "id": "CVE-2008-2410",
      "lastModified": "2024-11-21T00:46:49.457",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2008-05-22T13:09:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/30310\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30332\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg21303296\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/29311\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1597\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/42553\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/30310\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30332\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg21303296\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/29311\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1597\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/42553\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-2410\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-05-22T13:09:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in the servlet engine and Web container in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en el motor de servlets y el contenedor Web en el servicio  Web Server de IBM Lotus Domino anterior a 7.0.3 FP1 y 8.x anterior al 8.0.1, permite a usuarios autenticados remotamente inyectar secuencias de comandos web y HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:lotus_domino_web_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.0\",\"matchCriteriaId\":\"DC0B5C12-70BE-461B-9C58-E013BCA05D4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:lotus_domino_web_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FB51B8A-58CF-4F26-B1D3-9C572658EE03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:lotus_domino_web_server:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F86B710-6F83-4145-BABD-A742C0BB88A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:lotus_domino_web_server:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E23B4E9-2AF5-407F-87AE-4F49F78B07A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:lotus_domino_web_server:7.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E344283F-CC85-424D-B19D-A41366937653\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/30310\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30332\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg21303296\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/29311\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1597\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42553\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/30310\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30332\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg21303296\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/29311\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1597\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42553\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2008-2410

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-2410

Aliases

CVE-2008-2410

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-2410",
    "description": "Cross-site scripting (XSS) vulnerability in the servlet engine and Web container in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.",
    "id": "GSD-2008-2410"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-2410"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the servlet engine and Web container in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.",
      "id": "GSD-2008-2410",
      "modified": "2023-12-13T01:23:00.928210Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-2410",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the servlet engine and Web container in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ibm-lotusdomino-servlet-web-xss(42553)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42553"
          },
          {
            "name": "ADV-2008-1597",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1597"
          },
          {
            "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21303296",
            "refsource": "CONFIRM",
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21303296"
          },
          {
            "name": "30310",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30310"
          },
          {
            "name": "30332",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30332"
          },
          {
            "name": "29311",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/29311"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:lotus_domino_web_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:lotus_domino_web_server:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:lotus_domino_web_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:lotus_domino_web_server:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:lotus_domino_web_server:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2410"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the servlet engine and Web container in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21303296",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21303296"
            },
            {
              "name": "30310",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/30310"
            },
            {
              "name": "30332",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/30332"
            },
            {
              "name": "29311",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/29311"
            },
            {
              "name": "ADV-2008-1597",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/1597"
            },
            {
              "name": "ibm-lotusdomino-servlet-web-xss(42553)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42553"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-08T01:31Z",
      "publishedDate": "2008-05-22T13:09Z"
    }
  }
}

GHSA-2WHF-925V-QJCF

Vulnerability from github – Published: 2022-05-01 23:49 – Updated: 2022-05-01 23:49

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-2410"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-05-22T13:09:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in the servlet engine and Web container in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.",
  "id": "GHSA-2whf-925v-qjcf",
  "modified": "2022-05-01T23:49:52Z",
  "published": "2022-05-01T23:49:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2410"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42553"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30310"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30332"
    },
    {
      "type": "WEB",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21303296"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/29311"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1597"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2008-2410

Vulnerability from fkie_nvd - Published: 2008-05-22 13:09 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/30310	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30332	Vendor Advisory
cve@mitre.org	http://www-1.ibm.com/support/docview.wss?uid=swg21303296
cve@mitre.org	http://www.securityfocus.com/bid/29311
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1597
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/42553
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30310	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30332	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?uid=swg21303296
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/29311
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1597
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/42553

Impacted products

Vendor	Product	Version
ibm	lotus_domino_web_server	*
ibm	lotus_domino_web_server	7.0
ibm	lotus_domino_web_server	7.0.1
ibm	lotus_domino_web_server	7.0.2
ibm	lotus_domino_web_server	7.0.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:lotus_domino_web_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC0B5C12-70BE-461B-9C58-E013BCA05D4B",
              "versionEndIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_domino_web_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FB51B8A-58CF-4F26-B1D3-9C572658EE03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_domino_web_server:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F86B710-6F83-4145-BABD-A742C0BB88A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_domino_web_server:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E23B4E9-2AF5-407F-87AE-4F49F78B07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_domino_web_server:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E344283F-CC85-424D-B19D-A41366937653",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the servlet engine and Web container in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en el motor de servlets y el contenedor Web en el servicio  Web Server de IBM Lotus Domino anterior a 7.0.3 FP1 y 8.x anterior al 8.0.1, permite a usuarios autenticados remotamente inyectar secuencias de comandos web y HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2008-2410",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-05-22T13:09:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30310"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30332"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21303296"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/29311"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1597"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42553"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30310"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30332"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21303296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/29311"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1597"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42553"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-2410 (GCVE-0-2008-2410)

GSD-2008-2410

GHSA-2WHF-925V-QJCF

FKIE_CVE-2008-2410

Tags

Sightings

Nomenclature