CVE-2007-6002

{"id": "CVE-2007-6002", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-11-15T22:46:00.000", "references": [{"url": "http://jvn.jp/jp/JVN%2365427327/index.html", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/38875", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/38876", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27655", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27675", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.fenrir.co.jp/grani/note.html", "source": "cve@mitre.org"}, {"url": "http://www.fenrir.co.jp/sleipnir/note.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/26418", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38441", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir 2.5.17 R2 and earlier and (2) Grani 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field in a search for additions to the Favorites section."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Fenriru (1) Sleipnir 2.5.17 R2 y anteriores y (2) Grani 3.0 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante el campo Search en una busca de a\u00f1adidos en la secci\u00f3n Favorites."}], "lastModified": "2017-07-29T01:33:59.147", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fenrir:grani:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE7D5963-DAC7-4DC3-893C-C27E724137D7", "versionEndIncluding": "3.0"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:*:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CB5998C-FBF9-4ABD-AF46-170385EA5AB1", "versionEndIncluding": "2.5.17"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}