Vulnerability-Lookup

CVE-2008-2165 (GCVE-0-2008-2165)

Vulnerability from cvelistv5 – Published: 2008-05-16 06:54 – Updated: 2024-08-07 08:49

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/archive/1/492043/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/492093/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/29191	vdb-entryx_refsource_BID
	http://secunia.com/advisories/30222	third-party-advisoryx_refsource_SECUNIA
	http://securityreason.com/securityalert/3895	third-party-advisoryx_refsource_SREASON
	http://www.vupen.com/english/advisories/2008/1535	vdb-entryx_refsource_VUPEN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://securitytracker.com/id?1020018	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:49:58.504Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20080513 Cisco BBSM Captive Portal Cross-site Scripting",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/492043/100/0/threaded"
          },
          {
            "name": "20080514 Re: Cisco BBSM Captive Portal Cross-site Scripting",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/492093/100/0/threaded"
          },
          {
            "name": "29191",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29191"
          },
          {
            "name": "30222",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30222"
          },
          {
            "name": "3895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3895"
          },
          {
            "name": "ADV-2008-1535",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1535"
          },
          {
            "name": "cisco-bbsm-accesscodestart-xss(42395)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42395"
          },
          {
            "name": "1020018",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1020018"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-05-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20080513 Cisco BBSM Captive Portal Cross-site Scripting",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/492043/100/0/threaded"
        },
        {
          "name": "20080514 Re: Cisco BBSM Captive Portal Cross-site Scripting",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/492093/100/0/threaded"
        },
        {
          "name": "29191",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29191"
        },
        {
          "name": "30222",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30222"
        },
        {
          "name": "3895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3895"
        },
        {
          "name": "ADV-2008-1535",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1535"
        },
        {
          "name": "cisco-bbsm-accesscodestart-xss(42395)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42395"
        },
        {
          "name": "1020018",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1020018"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2165",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080513 Cisco BBSM Captive Portal Cross-site Scripting",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/492043/100/0/threaded"
            },
            {
              "name": "20080514 Re: Cisco BBSM Captive Portal Cross-site Scripting",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/492093/100/0/threaded"
            },
            {
              "name": "29191",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29191"
            },
            {
              "name": "30222",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30222"
            },
            {
              "name": "3895",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3895"
            },
            {
              "name": "ADV-2008-1535",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1535"
            },
            {
              "name": "cisco-bbsm-accesscodestart-xss(42395)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42395"
            },
            {
              "name": "1020018",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1020018"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-2165",
    "datePublished": "2008-05-16T06:54:00",
    "dateReserved": "2008-05-13T00:00:00",
    "dateUpdated": "2024-08-07T08:49:58.504Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-2165\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-05-16T12:54:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en AccessCodeStart.asp de Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 permite a atacantes remotos inyectar web script o HTML a trav\u00e9s del par\u00e1metro msg.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:building_broadband_service_manager:5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F77E609-5124-427D-BB5F-6350721CF9A2\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/30222\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3895\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1020018\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/492043/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/492093/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/29191\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1535\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42395\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/30222\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3895\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1020018\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/492043/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/492093/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/29191\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1535\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42395\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2008-2165

Vulnerability from fkie_nvd - Published: 2008-05-16 12:54 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/30222	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/3895
cve@mitre.org	http://securitytracker.com/id?1020018
cve@mitre.org	http://www.securityfocus.com/archive/1/492043/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/492093/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/29191
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1535
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/42395
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30222	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3895
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1020018
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/492043/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/492093/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/29191
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1535
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/42395

Impacted products

	Vendor	Product	Version
	cisco	building_broadband_service_manager	5.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:building_broadband_service_manager:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F77E609-5124-427D-BB5F-6350721CF9A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en AccessCodeStart.asp de Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 permite a atacantes remotos inyectar web script o HTML a trav\u00e9s del par\u00e1metro msg."
    }
  ],
  "id": "CVE-2008-2165",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-05-16T12:54:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30222"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3895"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1020018"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/492043/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/492093/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/29191"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1535"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42395"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30222"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1020018"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/492043/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/492093/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/29191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1535"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42395"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-F4C5-5QX8-V3VP

Vulnerability from github – Published: 2022-05-01 23:47 – Updated: 2022-05-01 23:47

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-2165"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-05-16T12:54:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.",
  "id": "GHSA-f4c5-5qx8-v3vp",
  "modified": "2022-05-01T23:47:12Z",
  "published": "2022-05-01T23:47:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2165"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42395"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30222"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3895"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1020018"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/492043/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/492093/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/29191"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1535"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2008-AVI-256

Vulnerability from certfr_avis - Published: 2008-05-20 - Updated: 2008-05-20

Une vulnérabilité a été découverte dans Cisco Broadband Service Manager. Elle peut être exploitée afin de réaliser des attaques par injection de code indirecte (Cross Site Scripting).

Description

Une vulnérabilité a été découverte dans la gestion du paramètre msg par la page AccessCodeStart.asp dans Cisco Broadband Service Manager. Cette vulnérabilité peut être exploitée afin de réaliser une attaque par injection de code indirecte (Cross Site Scripting).

Solution

Appliquer la mise à jour BBSMPatch5332.zip (cf. section Documentation).

Cisco Building Broadband Service Manager 5.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

VAR-200805-0355

Vulnerability from variot - Updated: 2025-04-10 23:16

Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Cisco BBSM 5.3 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------

Secunia Network Software Inspector 2.0 (NSI) - Public Beta

The Public Beta has ended. Thanks to all that participated.

Input passed to the "msg" parameter in AccessCodeStart.asp is not properly sanitised before being returned to a user.

SOLUTION: Apply patch BBSMPatch5332.zip. http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=5.3&mdfid=278455427&sftType=Building%20Broadband%20Service%20Manager%20(BBSM)%20Updates&optPlat=&nodecount=2&edesignator=null&modelName=Cisco%20Building%20Broadband%20Service%20Manager%205.3&treeMdfId=281527126&treeName=Network%20Monitoring%20and%20Management

PROVIDED AND/OR DISCOVERED BY: Brad Antoniewicz

ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2008-05/0166.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200805-0355",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "building broadband service manager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "5.3"
      },
      {
        "model": "building broadband service manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "captive portal 5.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "29191"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002019"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200805-204"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2165"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:cisco:building_broadband_service_manager",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002019"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Brad Antoniewicz  Brad.Antoniewicz@foundstone.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200805-204"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-2165",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2008-2165",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-32290",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2008-2165",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2008-2165",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200805-204",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-32290",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-32290"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002019"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200805-204"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2165"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. \nCisco BBSM 5.3 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------\n\nSecunia Network Software Inspector 2.0 (NSI) - Public Beta\n\nThe Public Beta has ended. Thanks to all that participated. \n\nInput passed to the \"msg\" parameter in AccessCodeStart.asp is not\nproperly sanitised before being returned to a user. \n\nSOLUTION:\nApply patch BBSMPatch5332.zip. \nhttp://tools.cisco.com/support/downloads/go/ImageList.x?relVer=5.3\u0026mdfid=278455427\u0026sftType=Building%20Broadband%20Service%20Manager%20(BBSM)%20Updates\u0026optPlat=\u0026nodecount=2\u0026edesignator=null\u0026modelName=Cisco%20Building%20Broadband%20Service%20Manager%205.3\u0026treeMdfId=281527126\u0026treeName=Network%20Monitoring%20and%20Management\n\nPROVIDED AND/OR DISCOVERED BY:\nBrad Antoniewicz\n\nORIGINAL ADVISORY:\nhttp://archives.neohapsis.com/archives/bugtraq/2008-05/0166.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-2165"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002019"
      },
      {
        "db": "BID",
        "id": "29191"
      },
      {
        "db": "VULHUB",
        "id": "VHN-32290"
      },
      {
        "db": "PACKETSTORM",
        "id": "66354"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-32290",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-32290"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-2165",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "29191",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "30222",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1020018",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-1535",
        "trust": 1.7
      },
      {
        "db": "SREASON",
        "id": "3895",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002019",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200805-204",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20080514 RE: CISCO BBSM CAPTIVE PORTAL CROSS-SITE SCRIPTING",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20080513 CISCO BBSM CAPTIVE PORTAL CROSS-SITE SCRIPTING",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "42395",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "66315",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-85101",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-32290",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "66354",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-32290"
      },
      {
        "db": "BID",
        "id": "29191"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002019"
      },
      {
        "db": "PACKETSTORM",
        "id": "66354"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200805-204"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2165"
      }
    ]
  },
  "id": "VAR-200805-0355",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-32290"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-10T23:16:35.453000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002019"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-32290"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002019"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2165"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/29191"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1020018"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/30222"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/3895"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/492043/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/492093/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/1535"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42395"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2165"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2165"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/42395"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/492093/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/492043/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/1535"
      },
      {
        "trust": 0.3,
        "url": "http://cisco.com/univercd/cc/td/doc/product/aggr/bbsm/index.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/492093"
      },
      {
        "trust": 0.1,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2008-05/0166.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/18664/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/network_software_inspector_2/"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/support/downloads/go/imagelist.x?relver=5.3\u0026mdfid=278455427\u0026sfttype=building%20broadband%20service%20manager%20(bbsm)%20updates\u0026optplat=\u0026nodecount=2\u0026edesignator=null\u0026modelname=cisco%20building%20broadband%20service%20manager%205.3\u0026treemdfid=281527126\u0026treename=network%20monitoring%20and%20management"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/30222/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-32290"
      },
      {
        "db": "BID",
        "id": "29191"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002019"
      },
      {
        "db": "PACKETSTORM",
        "id": "66354"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200805-204"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2165"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-32290"
      },
      {
        "db": "BID",
        "id": "29191"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002019"
      },
      {
        "db": "PACKETSTORM",
        "id": "66354"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200805-204"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2165"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-05-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-32290"
      },
      {
        "date": "2008-05-13T00:00:00",
        "db": "BID",
        "id": "29191"
      },
      {
        "date": "2008-12-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-002019"
      },
      {
        "date": "2008-05-15T04:56:37",
        "db": "PACKETSTORM",
        "id": "66354"
      },
      {
        "date": "2008-05-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200805-204"
      },
      {
        "date": "2008-05-16T12:54:00",
        "db": "NVD",
        "id": "CVE-2008-2165"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-32290"
      },
      {
        "date": "2008-05-14T18:05:00",
        "db": "BID",
        "id": "29191"
      },
      {
        "date": "2008-12-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-002019"
      },
      {
        "date": "2009-01-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200805-204"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2008-2165"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200805-204"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Building Broadband Service Manager (BBSM) Captive Portal Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002019"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "66354"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200805-204"
      }
    ],
    "trust": 0.7
  }
}

GSD-2008-2165

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-2165

Aliases

CVE-2008-2165

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-2165",
    "description": "Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.",
    "id": "GSD-2008-2165",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2008-2165"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-2165"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.",
      "id": "GSD-2008-2165",
      "modified": "2023-12-13T01:23:00.647302Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-2165",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20080513 Cisco BBSM Captive Portal Cross-site Scripting",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/492043/100/0/threaded"
          },
          {
            "name": "20080514 Re: Cisco BBSM Captive Portal Cross-site Scripting",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/492093/100/0/threaded"
          },
          {
            "name": "29191",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/29191"
          },
          {
            "name": "30222",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30222"
          },
          {
            "name": "3895",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3895"
          },
          {
            "name": "ADV-2008-1535",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1535"
          },
          {
            "name": "cisco-bbsm-accesscodestart-xss(42395)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42395"
          },
          {
            "name": "1020018",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1020018"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:building_broadband_service_manager:5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2165"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "29191",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/29191"
            },
            {
              "name": "1020018",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1020018"
            },
            {
              "name": "30222",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/30222"
            },
            {
              "name": "3895",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/3895"
            },
            {
              "name": "ADV-2008-1535",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/1535"
            },
            {
              "name": "cisco-bbsm-accesscodestart-xss(42395)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42395"
            },
            {
              "name": "20080514 Re: Cisco BBSM Captive Portal Cross-site Scripting",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/492093/100/0/threaded"
            },
            {
              "name": "20080513 Cisco BBSM Captive Portal Cross-site Scripting",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/492043/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-11T20:39Z",
      "publishedDate": "2008-05-16T12:54Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-2165 (GCVE-0-2008-2165)

FKIE_CVE-2008-2165

GHSA-F4C5-5QX8-V3VP

CERTA-2008-AVI-256

Description

Solution

VAR-200805-0355

GSD-2008-2165

Tags

Sightings

Nomenclature