CVE-2008-6945 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mv_order_item CGI variable parameter in Core, (2) the country-select widget, or (3) possibly the value specifier when used in the UserTag feature.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Icdevgroup	Interchange

Configuration 1 [-]

OR	cpe:2.3:a:icdevgroup:interchange:5.4.0:::::::*
	cpe:2.3:a:icdevgroup:interchange:5.4.1:::::::*
	cpe:2.3:a:icdevgroup:interchange:5.4.2:::::::*
	cpe:2.3:a:icdevgroup:interchange:5.6.0:::::::*
	cpe:2.3:a:icdevgroup:interchange:5.7.0:::::::*

No data.

References

Link	Providers
http://ftp.icdevgroup.org/interchange/5.7/WHATSNEW
http://osvdb.org/49852
http://osvdb.org/49853
http://secunia.com/advisories/32658
http://www.icdevgroup.org/i/dev/news?id=ssEkj9j8&mv_arg=00030&mv_pc=96
http://www.securityfocus.com/bid/32297
https://exchange.xforce.ibmcloud.com/vulnerabilities/46598
https://exchange.xforce.ibmcloud.com/vulnerabilities/46599

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-08-12T10:00:00

Updated: 2024-08-07T11:49:02.402Z

Reserved: 2009-08-11T00:00:00

Link: CVE-2008-6945

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-08-12T10:30:00.640

Modified: 2024-11-21T00:57:52.503

Link: CVE-2008-6945

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-11-13T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mv_order_item CGI variable parameter in Core, (2) the country-select widget, or (3) possibly the value specifier when used in the UserTag feature."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "32658", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32658"}, {"name": "interchange-countryselectwidget-xss(46598)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46598"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.icdevgroup.org/i/dev/news?id=ssEkj9j8&mv_arg=00030&mv_pc=96"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://ftp.icdevgroup.org/interchange/5.7/WHATSNEW"}, {"name": "interchange-mvorderitem-xss(46599)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46599"}, {"name": "49853", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/49853"}, {"name": "32297", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32297"}, {"name": "49852", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/49852"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6945", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mv_order_item CGI variable parameter in Core, (2) the country-select widget, or (3) possibly the value specifier when used in the UserTag feature."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "32658", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32658"}, {"name": "interchange-countryselectwidget-xss(46598)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46598"}, {"name": "http://www.icdevgroup.org/i/dev/news?id=ssEkj9j8&mv_arg=00030&mv_pc=96", "refsource": "CONFIRM", "url": "http://www.icdevgroup.org/i/dev/news?id=ssEkj9j8&mv_arg=00030&mv_pc=96"}, {"name": "http://ftp.icdevgroup.org/interchange/5.7/WHATSNEW", "refsource": "CONFIRM", "url": "http://ftp.icdevgroup.org/interchange/5.7/WHATSNEW"}, {"name": "interchange-mvorderitem-xss(46599)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46599"}, {"name": "49853", "refsource": "OSVDB", "url": "http://osvdb.org/49853"}, {"name": "32297", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32297"}, {"name": "49852", "refsource": "OSVDB", "url": "http://osvdb.org/49852"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:49:02.402Z"}, "title": "CVE Program Container", "references": [{"name": "32658", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32658"}, {"name": "interchange-countryselectwidget-xss(46598)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46598"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.icdevgroup.org/i/dev/news?id=ssEkj9j8&mv_arg=00030&mv_pc=96"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://ftp.icdevgroup.org/interchange/5.7/WHATSNEW"}, {"name": "interchange-mvorderitem-xss(46599)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46599"}, {"name": "49853", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/49853"}, {"name": "32297", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/32297"}, {"name": "49852", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/49852"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6945", "datePublished": "2009-08-12T10:00:00", "dateReserved": "2009-08-11T00:00:00", "dateUpdated": "2024-08-07T11:49:02.402Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:icdevgroup:interchange:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "BA9547B6-91A7-49F5-9013-F7B5B1853F81", "vulnerable": true}, {"criteria": "cpe:2.3:a:icdevgroup:interchange:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "665111F3-8F4C-496F-8F1C-F95F63486F12", "vulnerable": true}, {"criteria": "cpe:2.3:a:icdevgroup:interchange:5.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "D29016C3-479F-4B05-BC2F-95A0E84E562F", "vulnerable": true}, {"criteria": "cpe:2.3:a:icdevgroup:interchange:5.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "61E31CAA-5DE4-408D-88C2-0A97C3B39DFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:icdevgroup:interchange:5.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27D18865-1291-434D-923B-0FE99CF68CEC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mv_order_item CGI variable parameter in Core, (2) the country-select widget, or (3) possibly the value specifier when used in the UserTag feature."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Interchange v5.7 anteriores a v5.7.1, v5.6 anteriores a v5.6.1, y v5.4 anteriores a v5.4.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria a trav\u00e9s de (1) el par\u00e1metro de la variable CGI mv_order_item CGI en Core, (2) el widget country-select, o (3) posiblemente el especificador de valor cuando es utilizado en la caracter\u00edstica UserTag."}], "id": "CVE-2008-6945", "lastModified": "2024-11-21T00:57:52.503", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-08-12T10:30:00.640", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://ftp.icdevgroup.org/interchange/5.7/WHATSNEW"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/49852"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/49853"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32658"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.icdevgroup.org/i/dev/news?id=ssEkj9j8&mv_arg=00030&mv_pc=96"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/32297"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46598"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46599"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://ftp.icdevgroup.org/interchange/5.7/WHATSNEW"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/49852"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/49853"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32658"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.icdevgroup.org/i/dev/news?id=ssEkj9j8&mv_arg=00030&mv_pc=96"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/32297"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46598"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46599"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}