Vulnerability Description
Cross-site scripting (XSS) vulnerability in view.php in ActualScripts ActualAnalyzer Server 8.37 and earlier, ActualAnalyzer Gold 7.74 and earlier, ActualAnalyzer Pro 6.95 and earlier, and ActualAnalyzer Lite 2.78 and earlier allows remote attackers to inject arbitrary web script or HTML via the language parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Actualscripts | Actualanalyzer Gold | 7.21 |
| Actualscripts | Actualanalyzer Lite | <= 2.78 |
| Actualscripts | Actualanalyzer Pro | <= 6.95 |
| Actualscripts | Actualanalyzer Server | <= 8.37 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/30205Vendor Advisory
- http://www.majorsecurity.de/index_2.php?major_rls=major_rls52
- http://www.securityfocus.com/archive/1/491982/100/0/threaded
- http://www.securityfocus.com/bid/29177
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42367
- http://secunia.com/advisories/30205Vendor Advisory
- http://www.majorsecurity.de/index_2.php?major_rls=major_rls52
- http://www.securityfocus.com/archive/1/491982/100/0/threaded
- http://www.securityfocus.com/bid/29177
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42367
FAQ
What is CVE-2008-2527?
CVE-2008-2527 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in view.php in ActualScripts ActualAnalyzer Server 8.37 and earlier, ActualAnalyzer Gold 7.74 and earlier, ActualAnalyzer Pro 6.95 and earlier, and ActualAnaly...
How severe is CVE-2008-2527?
CVE-2008-2527 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2527?
Check the references section above for vendor advisories and patch information. Affected products include: Actualscripts Actualanalyzer Gold, Actualscripts Actualanalyzer Lite, Actualscripts Actualanalyzer Pro, Actualscripts Actualanalyzer Server.