CVE-2007-5582

Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/27902
http://securityreason.com/securityalert/3449
http://securitytracker.com/id?1019043
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsk69289
http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml	Patch
http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/
http://www.securityfocus.com/archive/1/484609/100/0/threaded
http://www.securityfocus.com/bid/26708
http://www.vupen.com/english/advisories/2007/4102
https://exchange.xforce.ibmcloud.com/vulnerabilities/38862

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:ciscoworks_server:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-12-15 01:46

Updated : 2024-02-04 17:13

NVD link : CVE-2007-5582

Mitre link : CVE-2007-5582

CVE.ORG link : CVE-2007-5582

JSON object : View

Products Affected

cisco

ciscoworks_server

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2007-5582", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-12-15T01:46:00.000", "references": [{"url": "http://secunia.com/advisories/27902", "source": "ykramarz@cisco.com"}, {"url": "http://securityreason.com/securityalert/3449", "source": "ykramarz@cisco.com"}, {"url": "http://securitytracker.com/id?1019043", "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsk69289", "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml", "tags": ["Patch"], "source": "ykramarz@cisco.com"}, {"url": "http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/", "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/archive/1/484609/100/0/threaded", "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/26708", "source": "ykramarz@cisco.com"}, {"url": "http://www.vupen.com/english/advisories/2007/4102", "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38862", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la p\u00e1gina de inicio de sesi\u00f3n de Cisco CiscoWorks Server (CS), posiblemente 2.6 y anteriores, al utilizar CiscoWorks Common Services 3.0.x y 3.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante vectores no especificados."}], "lastModified": "2018-10-15T21:45:39.737", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:ciscoworks_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB019E66-471E-44BA-BE69-55A2DC867FF0", "versionEndIncluding": "2.6"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}