- Description
- Cross-site scripting (XSS) vulnerability in the file listing function in the web management interface in Packeteer PacketShaper and PolicyCenter 8.2.2 allows remote attackers to inject arbitrary web script or HTML via the FILELIST parameter to an arbitrary component, which triggers injection into an Error Report page.
- Source
- cve@mitre.org
- NVD status
- Deferred
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
- nvd@nist.gov
- CWE-79
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:packeteer:packetshaper:8.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "11E3252C-7FA7-4B7B-BAC2-3B150F04393A"
},
{
"criteria": "cpe:2.3:a:packeteer:policycenter:8.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D6FF2BE2-6733-4073-AC75-5003878EC74E"
}
],
"operator": "OR"
}
]
}
]