CVE-2008-0454
published 2008-01-25CVE-2008-0454: Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows…
PriorityP340critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
25.20%
97.7th percentile
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS."
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| skype_technologies | skype | <= 3.6.0.244 | — |
| skype_technologies | skype | — | — |
| skype_technologies | skype | — | — |
| skype_technologies | skype | — | — |
| skype_technologies | skype | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-g549-m5gj-5w5g: Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3
ghsa_unreviewed·2022-05-01
CVE-2008-0454 [HIGH] CWE-79 GHSA-g549-m5gj-5w5g: Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS."
GHSA
GHSA-3876-f57v-xhhx: Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2008-0583 [CRITICAL] CWE-94 GHSA-3876-f57v-xhhx: Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) "Add video to chat" or (2) "Add video to mood" dialog, a different vector than CVE-2008-0454.
No detection rules found.
No public exploits indexed.
http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0337.htmlhttp://archives.neohapsis.com/archives/fulldisclosure/2008-01/0363.htmlhttp://aviv.raffon.net/2008/01/17/SkypeCrosszoneScriptingVulnerability.aspxhttp://share.skype.com/sites/security/2008/01/skype_cross_zone_scripting_vul.htmlhttp://skype.com/security/skype-sb-2008-001-update1.htmlhttp://skype.com/security/skype-sb-2008-001.htmlhttp://www.critical.lt/?opinions/show/1470http://www.gnucitizen.org/blog/vulnerabilities-in-skypehttp://www.kb.cert.org/vuls/id/248184http://www.securityfocus.com/archive/1/486512/100/0/threadedhttp://www.securityfocus.com/bid/27338http://www.vupen.com/english/advisories/2008/0194https://exchange.xforce.ibmcloud.com/vulnerabilities/39754http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0337.htmlhttp://archives.neohapsis.com/archives/fulldisclosure/2008-01/0363.htmlhttp://aviv.raffon.net/2008/01/17/SkypeCrosszoneScriptingVulnerability.aspxhttp://share.skype.com/sites/security/2008/01/skype_cross_zone_scripting_vul.htmlhttp://skype.com/security/skype-sb-2008-001-update1.htmlhttp://skype.com/security/skype-sb-2008-001.htmlhttp://www.critical.lt/?opinions/show/1470http://www.gnucitizen.org/blog/vulnerabilities-in-skypehttp://www.kb.cert.org/vuls/id/248184http://www.securityfocus.com/archive/1/486512/100/0/threadedhttp://www.securityfocus.com/bid/27338http://www.vupen.com/english/advisories/2008/0194https://exchange.xforce.ibmcloud.com/vulnerabilities/39754
2008-01-25
Published