CVE-2008-4520

Autonessus < 1.2.1 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in bulk_update.pl in AutoNessus before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the remark parameter.

References (6)

[Product] http://autonessus.cvs.sourceforge.net/viewvc/autonessus/AutoNessus/www/bulk_update.pl?r1=1.2&r2=1.3

[Vendor Advisory] http://secunia.com/advisories/32046

[Patch] http://sourceforge.net/project/shownotes.php?group_id=216367&release_id=630124

[Vendor Advisory] http://sourceforge.net/tracker/index.php?func=detail&aid=2141884&group_id=216367&atid=1037394

[Patch] http://www.securityfocus.com/bid/31559

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45634

Scores

EPSS 0.0052

EPSS Percentile 66.3%

Classification

CWE

CWE-79

Status published

Affected Products (6)

autonessus/autonessus < 1.2.1

autonessus/autonessus

n/a/n/a

Timeline

Published Oct 09, 2008

Tracked Since Feb 18, 2026