Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media Jukebox 2.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) frontend, (2) set_frontend, (3) jz_path, (4) theme, and (5) set_theme parameters to (a) index.php; the frontend, theme, and (6) language parameters to (b) ajax_request.php; the jz_path parameter to (c) slim.php; the frontend, theme, and jz_path parameters to (d) popup.php; the (13) PATH_INFO to index.php and (e) slim.php; and the (14) query parameter in a playlistedit action and (15) siteNewsData parameter in a sitenews action to (f) popup.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jinzora | Media Jukebox | 2.7.5 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/29023Vendor Advisory
- http://securityreason.com/securityalert/3683
- http://www.securityfocus.com/archive/1/488326/100/0/threaded
- http://www.securityfocus.com/bid/27876
- http://secunia.com/advisories/29023Vendor Advisory
- http://securityreason.com/securityalert/3683
- http://www.securityfocus.com/archive/1/488326/100/0/threaded
- http://www.securityfocus.com/bid/27876
FAQ
What is CVE-2008-0877?
CVE-2008-0877 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media Jukebox 2.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) frontend, (2) set_frontend, (3) jz_path, (4...
How severe is CVE-2008-0877?
CVE-2008-0877 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0877?
Check the references section above for vendor advisories and patch information. Affected products include: Jinzora Media Jukebox.