CVE-2008-4076 - OpenCVE

Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board 1.3 and earlier, (2) Topics BBS 1.11 and earlier, (3) Simple BBS 1.86 and earlier, and (4) Interactive BBS 1.57 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-0917.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Tor World	Tor Board Interactive Bbs Simple Bbs Topics Bbs

Configuration 1 [-]

OR	cpe:2.3:a:tor_world:interactive_bbs::::::::
	cpe:2.3:a:tor_world:simple_bbs::::::::
	cpe:2.3:a:tor_world:simple_bbs:1.3:::::::*
	cpe:2.3:a:tor_world:topics_bbs::::::::
	cpe:2.3:a:tor_world:tor_board::::::::
	cpe:2.3:a:tor_world:tor_board:1.1:::::::*

References

Link	Resource
http://download.torworld.com/bug/20080905.html	Patch
http://jvn.jp/en/jp/JVN18616622/index.html
http://secunia.com/advisories/31835
http://www.securityfocus.com/bid/31105	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/45043

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-09-15T15:00:00

Updated: 2017-08-07T12:57:01

Reserved: 2008-09-15T00:00:00

Link: CVE-2008-4076

JSON object: View

NVD Information

Status : Modified

Published: 2008-09-15T15:14:07.337

Modified: 2017-08-08T01:32:23.890

Link: CVE-2008-4076

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-09-10T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board 1.3 and earlier, (2) Topics BBS 1.11 and earlier, (3) Simple BBS 1.86 and earlier, and (4) Interactive BBS 1.57 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-0917."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "31835", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31835"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://download.torworld.com/bug/20080905.html"}, {"name": "tor-world-multiple-unspecified-xss(45043)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45043"}, {"name": "31105", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31105"}, {"name": "JVN#18616622", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/en/jp/JVN18616622/index.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4076", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board 1.3 and earlier, (2) Topics BBS 1.11 and earlier, (3) Simple BBS 1.86 and earlier, and (4) Interactive BBS 1.57 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-0917."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "31835", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31835"}, {"name": "http://download.torworld.com/bug/20080905.html", "refsource": "CONFIRM", "url": "http://download.torworld.com/bug/20080905.html"}, {"name": "tor-world-multiple-unspecified-xss(45043)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45043"}, {"name": "31105", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31105"}, {"name": "JVN#18616622", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN18616622/index.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4076", "datePublished": "2008-09-15T15:00:00", "dateReserved": "2008-09-15T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tor_world:interactive_bbs:*:*:*:*:*:*:*:*", "matchCriteriaId": "44638D98-6133-46A5-AAFB-CFFEE1BAD983", "versionEndIncluding": "1.57", "vulnerable": true}, {"criteria": "cpe:2.3:a:tor_world:simple_bbs:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6522E41-84B0-4A1C-835A-4C423B2FE125", "versionEndIncluding": "1.86", "vulnerable": true}, {"criteria": "cpe:2.3:a:tor_world:simple_bbs:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "C65B72C5-9C2A-49B4-9292-09B58DD7496E", "vulnerable": true}, {"criteria": "cpe:2.3:a:tor_world:topics_bbs:*:*:*:*:*:*:*:*", "matchCriteriaId": "D115C37C-C9C2-4058-97E5-840A6FC3C4C0", "versionEndIncluding": "1.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:tor_world:tor_board:*:*:*:*:*:*:*:*", "matchCriteriaId": "59266471-5B2C-4356-9C40-2FD390B6B769", "versionEndIncluding": "1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:tor_world:tor_board:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D7C4FD4-9402-479C-9986-6C34362F056F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board 1.3 and earlier, (2) Topics BBS 1.11 and earlier, (3) Simple BBS 1.86 and earlier, and (4) Interactive BBS 1.57 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-0917."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en (1) Tor World Tor Board 1.3 y versiones anteriores, (2) Topics BBS 1.11 y versiones anteriores, (3) Simple BBS 1.86 y versiones anteriores, y (4) Interactive BBS 1.57 y versiones anteriores permite a atacantes remotos inyectar web script o HTML a trav\u00e9s de vectores no especificados, una cuesti\u00f3n diferente a CVE-2008-0917."}], "id": "CVE-2008-4076", "lastModified": "2017-08-08T01:32:23.890", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-09-15T15:14:07.337", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://download.torworld.com/bug/20080905.html"}, {"source": "cve@mitre.org", "url": "http://jvn.jp/en/jp/JVN18616622/index.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/31835"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/31105"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45043"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}