CVE-2007-0660

{"id": "CVE-2007-0660", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-02-01T22:28:00.000", "references": [{"url": "http://osvdb.org/36476", "source": "cve@mitre.org"}, {"url": "http://www.dotnetnuke.com/Default.aspx?tabid=825&EntryID=1278", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22334", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0433", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32037", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/36476", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.dotnetnuke.com/Default.aspx?tabid=825&EntryID=1278", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/22334", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/0433", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32037", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"Pass through values.\""}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo IFrame versiones anteriores a 03.02.01 para DotNetNuke (DNN) permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n mediante vectores no especificados referidos a \"Paso a trav\u00e9s de valores\"."}], "lastModified": "2024-11-21T00:26:25.710", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke_iframe:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC149D3D-5D04-4EB3-BDE0-3E93732F430C", "versionEndIncluding": "03.01.01"}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke_iframe:03.02.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D5E42EA-2772-4A03-B081-EC660E482BEC"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}