Bug: Crafty Syntax Xss Vulnerability ( Ascii Version )

Search:
WLB2

Crafty Syntax Xss Vulnerability

Published
Credit
Risk
2008.02.21
Ozgur Ozdemircili
Low
CWE
CVE
Local
Remote
CWE-79
CVE-2008-0848
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

Crafty Syntax Live Help is an open source help desk system built
mainly for small-mid sized companies. The software includes an xss
vulnerability on lostsheep.php module.

Versions effected: 2.4.13 - 2.4.14

--
Ozgur Ozdemircili
CCNA, HIPAA, OPSEC,
Open Source Security Systems
http://www.enderunix.org/ozgur

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version