CVE-2007-1723

{"id": "CVE-2007-1723", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": true}]}, "published": "2007-03-28T00:19:00.000", "references": [{"url": "http://osvdb.org/34526", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/34527", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/34528", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/34529", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/34530", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/34531", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/34532", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/34533", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24657", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/2484", "source": "cve@mitre.org"}, {"url": "http://www.514.es/2007/03/siaadv07004_multiples_vulnerab.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/463827/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1017821", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/1164", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33232", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administration console in Secure Computing CipherTrust IronMail 6.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) network, (2) defRouterIp, (3) hostName, (4) domainName, (5) ipAddress, (6) defaultRouter, (7) dns1, or (8) dns2 parameter to (a) admin/system_IronMail.do; the (9) ipAddress parameter to (b) admin/systemOutOfBand.do; the (10) password or (11) confirmPassword parameter to (c) admin/systemBackup.do; the (12) Klicense parameter to (d) admin/systemLicenseManager.do; the (13) rows[1].attrValueStr or (14) rows[2].attrValueStr parameter to (e) admin/systemWebAdminConfig.do; the (15) rows[0].attrValueStr, rows[1].attrValueStr, (16) rows[2].attrValue, or (17) rows[2].attrValueStrClone parameter to (f) admin/ldap_ConfigureServiceProperties.do; the (18) input1 parameter to (g) admin/mailFirewall_MailRoutingInternal.do; or the (19) rows[2].attrValueStr, (20) rows[3].attrValueStr, (21) rows[5].attrValueStr, or (22) rows[6].attrValueStr parameter to (h) admin/mailIdsConfig.do."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site-scripting (XSS) en la consola Administraci\u00f3n en Secure Computing CipherTrust IronMail versi\u00f3n 6.1.1 permiten a los atacantes remotos inyectar scripts web o HTML arbitrarios por medio de (1) red, (2) defRouterIp, (3) hostName, (4) domainName, ( 5) ipAddress, (6) defaultRouter, (7) dns1 o (8) par\u00e1metro dns2 a (a) el archivo admin/system_IronMail.do; el (9) par\u00e1metro ipAddress a (b) admin/systemOutOfBand.do; (10) contrase\u00f1a o (11) par\u00e1metro confirmPassword a (c) admin/systemBackup.do; el (12) par\u00e1metro Klicense a (d) admin/systemLicenseManager.do; el par\u00e1metro (13) rows[1].attrValueStr o (14) rows[2].attrValueStr en (e) admin/systemWebAdminConfig.do; el (15) rows[0].attrValueStr, rows[1].attrValueStr, (16) rows[2].attrValue, o (17) rows[2].attrValueStrClone par\u00e1metro a (f) admin/ldap_ConfigureServiceProperties.do; el (18) par\u00e1metro input1 a (g) admin/mailFirewall_MailRoutingInternal.do; o los par\u00e1metros (19) rows[2].attrValueStr, (20) rows[3].attrValueStr, (21) rows[5].attrValueStr o (22) rows[6].attrValueStr en (h) admin/mailIdsConfig.do."}], "lastModified": "2018-10-16T16:40:37.270", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ciphertrust:ironmail:6.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5FD6CEB-660D-42C2-AA16-C2631EEBFCC9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}