QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2008-7092

Back to search

CVE-2008-7092

Published: Aug 26, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to inject arbitrary web script or HTML via a Javascript event in the (1) url, (2) PageName, and (3) title parameters in a CustomBookMarkLink action to Campaign/Campaign; (4) a Javascript event in the displayIcon parameter to Campaign/updateOfferTemplateSubmit.do (aka the templates web page); (5) crafted input to Campaign/CampaignListener (aka the listener server), which is not properly handled when displaying the status log; and (6) id parameter to Campaign/campaignDetails.do, (7) id parameter to Campaign/offerDetails.do, (8) function parameter to Campaign/Campaign, (9) sessionID parameter to Campaign/runAllFlowchart.do, (10) id parameter in an edit action to Campaign/updateOfferTemplatePage.do, (11) Frame parameter in a LoadFrame action to Campaign/Campaign, (12) affiniumUserName parameter to manager/jsp/test.jsp, (13) affiniumUserName parameter to Campaign/main.do, and possibly other vectors.

VendorProductVersions

n/a

n/a

affected
n/a

References

47528
vdb-entry
x_refsource_OSVDB
31280
third-party-advisory
x_refsource_SECUNIA
47524
vdb-entry
x_refsource_OSVDB
30433
vdb-entry
x_refsource_BID
47520
vdb-entry
x_refsource_OSVDB
47523
vdb-entry
x_refsource_OSVDB
47526
vdb-entry
x_refsource_OSVDB
47530
vdb-entry
x_refsource_OSVDB
47522
vdb-entry
x_refsource_OSVDB
47525
vdb-entry
x_refsource_OSVDB
47521
vdb-entry
x_refsource_OSVDB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now