CVE-2007-0891

Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath function in phpmyvisites.php in phpMyVisites before 2.2 allows remote attackers to inject arbitrary web script or HTML via the query string.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://marc.info/?l=full-disclosure&m=117121596803908&w=2	Third Party Advisory
http://osvdb.org/33176	Broken Link
http://secunia.com/advisories/24124	Permissions Required
http://www.securityfocus.com/archive/1/459792/100/0/threaded
http://www.securityfocus.com/bid/22516	Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2007/0566	Not Applicable
https://exchange.xforce.ibmcloud.com/vulnerabilities/32430

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:matthieu_aubry:phpmyvisites::::::::
	cpe:2.3:a:matthieu_aubry:phpmyvisites:0.1_beta:::::::*
	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.0:::::::*
	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.1:::::::*
	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2:::::::*
	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2.1:::::::*
	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2.2:::::::*
	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2_beta:::::::*
	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.3:::::::*

History

No history.

Information

Published : 2007-02-12 23:28

Updated : 2024-02-04 17:13

NVD link : CVE-2007-0891

Mitre link : CVE-2007-0891

CVE.ORG link : CVE-2007-0891

JSON object : View

Products Affected

matthieu_aubry

phpmyvisites

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2007-0891", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-02-12T23:28:00.000", "references": [{"url": "http://marc.info/?l=full-disclosure&m=117121596803908&w=2", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/33176", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24124", "tags": ["Permissions Required"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/459792/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22516", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0566", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32430", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath function in phpmyvisites.php in phpMyVisites before 2.2 allows remote attackers to inject arbitrary web script or HTML via the query string."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la funci\u00f3n GetCurrentCompletePath en phpmyvisites.php in phpMyVisites anterior a 2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de la cadena de petici\u00f3n."}], "lastModified": "2018-10-16T16:35:05.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:matthieu_aubry:phpmyvisites:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F3EA8EE-BB15-477E-8264-F0A7A08C57A7", "versionEndIncluding": "2.1"}, {"criteria": "cpe:2.3:a:matthieu_aubry:phpmyvisites:0.1_beta:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B94A2BE-746A-4306-A255-AA7687D63433"}, {"criteria": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E10F69FD-5578-4D84-98D5-30C2FF951A57"}, {"criteria": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94EE3865-3F82-4607-B73F-3FC8EFCB4DD1"}, {"criteria": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EBB328F-120A-4C98-94A7-4643BE7C23DE"}, {"criteria": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "183D3FFD-A4CB-42C8-978E-1608387CECD4"}, {"criteria": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74EB894E-25B8-4E74-83DF-741B27D739A7"}, {"criteria": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2_beta:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4753A788-14D5-438D-AB16-E1DA0E6A1934"}, {"criteria": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA73BFE8-81FF-4D4F-B290-05FBE6CF9BFA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}