CVE-2007-4192

Multiple cross-site scripting (XSS) vulnerabilities in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is not clear whether IDE Group updates all DRS installations in its role as an application service provider. If so, then this issue should not be included in CVE.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2007-08/0020.html
http://osvdb.org/39522
http://secunia.com/advisories/26310
http://www.securityfocus.com/bid/25177
http://www.vupen.com/english/advisories/2007/2806
https://exchange.xforce.ibmcloud.com/vulnerabilities/35768

Configurations

Configuration 1 (hide)

cpe:2.3:a:ide_group:dvd_rental_system_drs:5.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-08-08 01:17

Updated : 2024-02-04 17:13

NVD link : CVE-2007-4192

Mitre link : CVE-2007-4192

CVE.ORG link : CVE-2007-4192

JSON object : View

Products Affected

ide_group

dvd_rental_system_drs

CWE

NVD-CWE-Other

{"id": "CVE-2007-4192", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-08-08T01:17:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-08/0020.html", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/39522", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26310", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25177", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2806", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35768", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is not clear whether IDE Group updates all DRS installations in its role as an application service provider. If so, then this issue should not be included in CVE."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en IDE Group DVD Rental System (DRS) 5.1 anterior al 01/08/2007 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante vectores no especificados. NOTA: no est\u00e1 claro si IDE Group actualiza todas las instalaciones DRS y su rol como proveedor de servicios de aplicaci\u00f3n. Si es as\u00ed, entonces este asunto no deber\u00eda ser incluido en CVE."}], "lastModified": "2017-07-29T01:32:46.457", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ide_group:dvd_rental_system_drs:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F063508-2C1A-4D44-A238-ECCCA8E5B5E2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}