Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Cezanne 6.5.1 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) LookUPId and (2) CbFun parameters to (a) CFLookUP.asp; (3) TitleParms, (4) WidgetsHeights, (5) WidgetsLinks, and (6) WidgetsTitles parameters to (b) CznCommon/CznCustomContainer.asp, (7) CFTARGET parameter to (c) home.asp, (8) PersonOid parameter to (d) PeopleWeb/Cards/CVCard.asp, (9) DESTLINKOID and PersonOID parameters to (e) PeopleWeb/Cards/PayrollCard.asp, and the (10) FolderTemplateId and (11) FolderTemplateName parameters to (f) PeopleWeb/CznDocFolder/CznDFStartProcess.asp.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cezannesw | Cezanne | 6.5.1 |
Related Weaknesses (CWE)
References
- http://securityreason.com/securityalert/3829
- http://www.s21sec.com/es/avisos/s21sec-042-en.txt
- http://www.securityfocus.com/archive/1/490846/100/0/threaded
- http://www.securityfocus.com/bid/28772 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41821
FAQ
What is CVE-2008-1969?
CVE-2008-1969 is a vulnerability with a CVSS score of 3.5 (LOW). Multiple cross-site scripting (XSS) vulnerabilities in Cezanne 6.5.1 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) LookUPId and (2) CbFun parameters to (a) CFLookUP.a...
How severe is CVE-2008-1969?
CVE-2008-1969 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-1969?
Check the references section above for vendor advisories and patch information. Affected products include: Cezannesw Cezanne.