Vulnerability Description
Cross-site scripting (XSS) vulnerability in RTE_popup_link.asp in Web Wiz Rich Text Editor (RTE) 3.x and 4.x before 4.03 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webwizguide | Web Wiz Rich Text Editor | <= 4.02 |
Related Weaknesses (CWE)
References
- http://depo2.nm.ru/WebWiz_Rich_Text_Editor_v4.02_XSS.txtExploit
- http://secunia.com/advisories/31272Vendor Advisory
- http://securityreason.com/securityalert/4055
- http://www.securityfocus.com/archive/1/494822/100/0/threaded
- http://www.securityfocus.com/bid/30408
- http://www.vupen.com/english/advisories/2008/2210/references
- http://depo2.nm.ru/WebWiz_Rich_Text_Editor_v4.02_XSS.txtExploit
- http://secunia.com/advisories/31272Vendor Advisory
- http://securityreason.com/securityalert/4055
- http://www.securityfocus.com/archive/1/494822/100/0/threaded
- http://www.securityfocus.com/bid/30408
- http://www.vupen.com/english/advisories/2008/2210/references
FAQ
What is CVE-2008-3367?
CVE-2008-3367 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in RTE_popup_link.asp in Web Wiz Rich Text Editor (RTE) 3.x and 4.x before 4.03 allows remote attackers to inject arbitrary web script or HTML via the email pa...
How severe is CVE-2008-3367?
CVE-2008-3367 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3367?
Check the references section above for vendor advisories and patch information. Affected products include: Webwizguide Web Wiz Rich Text Editor.