CVE-2007-3807

Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum before 7.3 allow remote attackers to inject arbitrary web script or HTML via the user name field in the login procedure, and other unspecified vectors.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:N/I:P/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://osvdb.org/36844
http://secunia.com/advisories/26065	Patch
http://securityreason.com/securityalert/2893
http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3159
http://www.securityfocus.com/archive/1/473624/100/0/threaded
http://www.securityfocus.com/bid/24893
https://exchange.xforce.ibmcloud.com/vulnerabilities/35395

Configurations

Configuration 1 (hide)

cpe:2.3:a:sitescape:sitescape_forum:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-07-17 00:30

Updated : 2024-02-04 17:13

NVD link : CVE-2007-3807

Mitre link : CVE-2007-3807

CVE.ORG link : CVE-2007-3807

JSON object : View

Products Affected

sitescape

sitescape_forum

CWE

NVD-CWE-Other

{"id": "CVE-2007-3807", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-07-17T00:30:00.000", "references": [{"url": "http://osvdb.org/36844", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26065", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/2893", "source": "cve@mitre.org"}, {"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3159", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/473624/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24893", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35395", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum before 7.3 allow remote attackers to inject arbitrary web script or HTML via the user name field in the login procedure, and other unspecified vectors."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en SiteScape Forum anterior a 7.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante el campo de nombre de usuario en el procedimiento de login, y otros vectores no especificados."}], "lastModified": "2018-10-15T21:31:01.880", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sitescape:sitescape_forum:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35A35B47-DC9E-4C8C-A6FF-A49D4046F6DB", "versionEndIncluding": "7.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}