Vulnerability Description
Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the default error page for the org.seasar.mayaa.impl.engine.PageNotFoundException exception and possibly other exceptions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Seasar | Mayaa | <= 1.1.22 |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN17298485/index.html
- http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000085.html
- http://mayaa.seasar.org/news/vulnerability20081225.html
- http://osvdb.org/51007
- http://secunia.com/advisories/33333
- http://www.securityfocus.com/bid/33015
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47623
- http://jvn.jp/en/jp/JVN17298485/index.html
- http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000085.html
- http://mayaa.seasar.org/news/vulnerability20081225.html
- http://osvdb.org/51007
- http://secunia.com/advisories/33333
- http://www.securityfocus.com/bid/33015
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47623
FAQ
What is CVE-2008-5720?
CVE-2008-5720 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the default error page for the org.seas...
How severe is CVE-2008-5720?
CVE-2008-5720 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5720?
Check the references section above for vendor advisories and patch information. Affected products include: Seasar Mayaa.