CVE-2007-5796

{"id": "CVE-2007-5796", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-11-03T00:46:00.000", "references": [{"url": "http://secunia.com/advisories/27452", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.bluecoat.com/support/securityadvisories/advisory_cross-site_scripting_vulnerability", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018888", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/3678", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38213", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la consola de administraci\u00f3n del Blue Coat ProxySG anterior al 4.2.6.1, y el 5.x anterior al 5.2.2.5, permite a atacantes remotos la inyecci\u00f3n de secuencias de comandos web o HTML de su elecci\u00f3n mediante la modificaci\u00f3n de la URL que se usa para la carga de las Listas de Certificados Revocados (\"Certificate Revocation Lists\")."}], "lastModified": "2018-10-26T14:17:18.827", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:symantec:proxysg_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27934E07-8F55-443F-AF3D-C562A437A99E", "versionEndExcluding": "4.2.6.1"}, {"criteria": "cpe:2.3:o:symantec:proxysg_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7723A628-CAF2-4D7A-9BCD-AE95EE36D860", "versionEndExcluding": "5.2.2.5", "versionStartIncluding": "5.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:symantec:proxysg:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7660647E-FDD2-40AE-945A-FB3FE30AC4E6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}