CVE-2007-3189

Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://marc.info/?l=full-disclosure&m=118151087109711&w=2
http://secunia.com/advisories/25587
http://secunia.com/advisories/26769
http://www.debian.org/security/2007/dsa-1374
http://www.securityfocus.com/archive/1/471039/100/0/threaded
http://www.securityfocus.com/bid/24414

Configurations

Configuration 1 (hide)

cpe:2.3:a:jffnms:just_for_fun_network_management_system:0.8.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-06-12 23:30

Updated : 2024-02-04 17:13

NVD link : CVE-2007-3189

Mitre link : CVE-2007-3189

CVE.ORG link : CVE-2007-3189

JSON object : View

Products Affected

jffnms

just_for_fun_network_management_system

CWE

NVD-CWE-Other

4.3 /10