Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mv_order_item CGI variable parameter in Core, (2) the country-select widget, or (3) possibly the value specifier when used in the UserTag feature.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Icdevgroup | Interchange | 5.4.0 |
Related Weaknesses (CWE)
References
- http://ftp.icdevgroup.org/interchange/5.7/WHATSNEWVendor Advisory
- http://osvdb.org/49852
- http://osvdb.org/49853
- http://secunia.com/advisories/32658Vendor Advisory
- http://www.icdevgroup.org/i/dev/news?id=ssEkj9j8&mv_arg=00030&mv_pc=96PatchVendor Advisory
- http://www.securityfocus.com/bid/32297
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46598
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46599
- http://ftp.icdevgroup.org/interchange/5.7/WHATSNEWVendor Advisory
- http://osvdb.org/49852
- http://osvdb.org/49853
- http://secunia.com/advisories/32658Vendor Advisory
- http://www.icdevgroup.org/i/dev/news?id=ssEkj9j8&mv_arg=00030&mv_pc=96PatchVendor Advisory
- http://www.securityfocus.com/bid/32297
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46598
FAQ
What is CVE-2008-6945?
CVE-2008-6945 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mv...
How severe is CVE-2008-6945?
CVE-2008-6945 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-6945?
Check the references section above for vendor advisories and patch information. Affected products include: Icdevgroup Interchange.