CVE-2007-5059

Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL allow remote attackers to inject arbitrary web script or HTML via several vectors, as demonstrated by the (1) uname and (2) pass parameters in a login form, and (3) an unspecified "url value," leading to storage of XSS sequences in the database and display of these sequences in the alert section of the admin panel.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.greensql.net/security
http://www.osvdb.org/38165
http://www.osvdb.org/38166
http://www.securityfocus.com/archive/1/480278/100/0/threaded
http://www.securityfocus.com/bid/25767
https://exchange.xforce.ibmcloud.com/vulnerabilities/36749

Configurations

Configuration 1 (hide)

cpe:2.3:a:greensql:greensql:0.2.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-09-24 22:17

Updated : 2024-02-04 17:13

NVD link : CVE-2007-5059

Mitre link : CVE-2007-5059

CVE.ORG link : CVE-2007-5059

JSON object : View

Products Affected

greensql

greensql

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2007-5059", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-09-24T22:17:00.000", "references": [{"url": "http://www.greensql.net/security", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/38165", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/38166", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/480278/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25767", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36749", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL allow remote attackers to inject arbitrary web script or HTML via several vectors, as demonstrated by the (1) uname and (2) pass parameters in a login form, and (3) an unspecified \"url value,\" leading to storage of XSS sequences in the database and display of these sequences in the alert section of the admin panel."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en GreenSQL permiten a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n mediante diversos vectores, como se demuestra con los par\u00e1metros (1) uname y (2) pass en un formulario de autenticaci\u00f3n, y (2) un \"valor de url\" no especificado precediendo al almacenamiento de secuencias XSS en la base de datos y la visualizaci\u00f3n de estas secuencias en la secci\u00f3n de alerta del panel de administraci\u00f3n."}], "lastModified": "2018-10-15T21:40:13.100", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:greensql:greensql:0.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29455884-45EB-42DD-8415-E22E200C3AFE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}