Home > Vulnerability Database > CVE-2008-5647

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2008-5647

Good to know:

Date: December 17, 2008

Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors.

Severity Score

5.4

Related Resources (10)

Url: http://trac.edgewall.org/wiki/ChangeLog

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/46491

Url: https://web.archive.org/web/20140722200717/http://secunia.com/advisories/32652

Url: https://web.archive.org/web/20200228023138/http://www.securityfocus.com/bid/32226

Url: http://www.vupen.com/english/advisories/2008/3080

Url: https://github.com/pypa/advisory-database/tree/main/vulns/trac/PYSEC-2008-7.yaml

Url: http://www.securityfocus.com/bid/32226

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-5647

Url: http://secunia.com/advisories/32652

Url: https://www.mend.io/vulnerability-database/CVE-2008-5647

Severity Score

5.4

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version Trac - 0.11.2

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us