CVE-2008-5786

medium

Description

Cross-site scripting (XSS) vulnerability in the Silva Find extension 1.1.5 and earlier in Silva 1.x before 1.6.3.2, Silva 2.0 before 2.0.12.2, and Silva 2.1 before 2.1.0.2 allows remote attackers to inject arbitrary web script or HTML via the fulltext parameter.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/46427

http://www.securityfocus.com/bid/32183

http://www.osvdb.org/49659

http://www.infrae.com/newsitems/silva_security_bulletin_08-11-07

http://secunia.com/advisories/32585

http://holisticinfosec.org/content/view/91/45/

Details

Source: Mitre, NVD

Published: 2008-12-31

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00475