CVE-2007-4021

{"id": "CVE-2007-4021", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-07-26T19:30:00.000", "references": [{"url": "http://pridels-team.blogspot.com/2007/07/secure-xss-vuln.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25024", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2656", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35583", "source": "cve@mitre.org"}, {"url": "http://pridels-team.blogspot.com/2007/07/secure-xss-vuln.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/25024", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/2656", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35583", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in login.php in Brain Book Software Secure 1.0.20070629 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pwd parameters."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el login.php del Brain Book Software Secure 1.0.20070629 y versiones anteriores permiten a atacantes remotos la inyecci\u00f3n de secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) user y (2) pwd."}], "lastModified": "2024-11-21T00:34:36.160", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:brain_book_software:software_secure:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27414617-FCA7-4C02-A5E9-5F95D07B0609", "versionEndIncluding": "1.0.20070629"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}