CVE-2007-6312

{"id": "CVE-2007-6312", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-12-11T21:46:00.000", "references": [{"url": "http://secunia.com/advisories/28019", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/3432", "source": "cve@mitre.org"}, {"url": "http://www.liquidmatrix.org/blog/2007/12/10/advisory-websense-xss-vulnerability/", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/484824/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/26793", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1019066", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/4158", "source": "cve@mitre.org"}, {"url": "http://www.websense.com/SupportPortal/SupportKbs/1840.aspx", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38936", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the logon page in Web Reporting Tools portal in Websense Enterprise and Web Security Suite 6.3 allows remote attackers to inject arbitrary web script or HTML via the username field."}, {"lang": "es", "value": "Vulnerabilidad de secuencia de comandos en sitios cruzaods (XSS) en la p\u00e1gina de entrada en el portal Web Reporting Tools en Websense Enterprise y Web Security Suite 6.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del campo username."}], "lastModified": "2018-10-15T21:51:58.983", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:websense:enterpise:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C401DD1-356A-4D49-92B6-79CDEBB0A950"}, {"criteria": "cpe:2.3:a:websense:enterpise:6.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55C994DC-41FA-48AB-AF96-D09F18F41C8B"}, {"criteria": "cpe:2.3:a:websense:reporting_tools:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04921824-6D2F-4F58-B9CC-9B7514C125D3"}, {"criteria": "cpe:2.3:a:websense:reporting_tools:6.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B693707D-84FF-4877-B6B1-DE573930B173"}, {"criteria": "cpe:2.3:a:websense:web_security_suite:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C6B33BD-95AF-46E9-9438-0142DE27B3D3"}, {"criteria": "cpe:2.3:a:websense:web_security_suite:6.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83262C61-49ED-4D16-BC10-FBEBD602D5E5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}