Vulnerability Description
Cross-site scripting (XSS) vulnerability in the search feature in the Forum plugin before 2.7.1 for Geeklog allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to (1) public_html/index.php, (2) config.php, and (3) functions.inc.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Portalparts | Forum Plugin | <= 2.5 |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN60419863/index.html
- http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000045.html
- http://secunia.com/advisories/31188Vendor Advisory
- http://www.geeklog.net/article.php/20080719093147449
- http://www.securityfocus.com/bid/30355
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43971
- http://jvn.jp/en/jp/JVN60419863/index.html
- http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000045.html
- http://secunia.com/advisories/31188Vendor Advisory
- http://www.geeklog.net/article.php/20080719093147449
- http://www.securityfocus.com/bid/30355
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43971
FAQ
What is CVE-2008-3316?
CVE-2008-3316 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the search feature in the Forum plugin before 2.7.1 for Geeklog allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, prob...
How severe is CVE-2008-3316?
CVE-2008-3316 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3316?
Check the references section above for vendor advisories and patch information. Affected products include: Portalparts Forum Plugin.