CVE-2007-5582

{"id": "CVE-2007-5582", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-12-15T01:46:00.000", "references": [{"url": "http://secunia.com/advisories/27902", "source": "ykramarz@cisco.com"}, {"url": "http://securityreason.com/securityalert/3449", "source": "ykramarz@cisco.com"}, {"url": "http://securitytracker.com/id?1019043", "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsk69289", "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml", "tags": ["Patch"], "source": "ykramarz@cisco.com"}, {"url": "http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/", "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/archive/1/484609/100/0/threaded", "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/26708", "source": "ykramarz@cisco.com"}, {"url": "http://www.vupen.com/english/advisories/2007/4102", "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38862", "source": "ykramarz@cisco.com"}, {"url": "http://secunia.com/advisories/27902", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/3449", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1019043", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsk69289", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/484609/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/26708", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/4102", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38862", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la p\u00e1gina de inicio de sesi\u00f3n de Cisco CiscoWorks Server (CS), posiblemente 2.6 y anteriores, al utilizar CiscoWorks Common Services 3.0.x y 3.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante vectores no especificados."}], "lastModified": "2024-11-21T00:38:14.973", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:ciscoworks_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB019E66-471E-44BA-BE69-55A2DC867FF0", "versionEndIncluding": "2.6"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}