CVE-2007-6633

Multiple cross-site scripting (XSS) vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to inject arbitrary web script or HTML via (1) the cat_name parameter to faq.php; and unspecified parameters to the (2) add categories, (3) edit categories, (4) delete categories, (5) add faq, (6) edit faq, and (7) delete faq Admin scripts.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059318.html
http://osvdb.org/39664
http://secunia.com/advisories/28248	Vendor Advisory
http://www.securityfocus.com/archive/1/485589/100/0/threaded
http://www.securityfocus.com/bid/27051	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/39287

Configurations

Configuration 1 (hide)

cpe:2.3:a:netbizcity:faqmasterflexplus:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-01-04 00:46

Updated : 2024-02-04 17:13

NVD link : CVE-2007-6633

Mitre link : CVE-2007-6633

CVE.ORG link : CVE-2007-6633

JSON object : View

Products Affected

netbizcity

faqmasterflexplus

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2007-6633", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-01-04T00:46:00.000", "references": [{"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059318.html", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/39664", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28248", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/485589/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/27051", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39287", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to inject arbitrary web script or HTML via (1) the cat_name parameter to faq.php; and unspecified parameters to the (2) add categories, (3) edit categories, (4) delete categories, (5) add faq, (6) edit faq, and (7) delete faq Admin scripts."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en FAQMasterFlexPlus, posiblemente 1.5 o 1.52, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro (1) cat_name de faq.php; y par\u00e1metros no especificados de los scripts de administraci\u00f3n para (2) a\u00f1adir categor\u00edas, (3) editar categor\u00edas, (4) borrar categor\u00edas, (5) a\u00f1adir preguntas frecuentes, (6) editar preguntas frecuentes, y (7) borrar preguntas frecuentes."}], "lastModified": "2018-10-15T21:55:51.587", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netbizcity:faqmasterflexplus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "569B63E3-7DCF-4FB0-93F8-CF56CE96D6F1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}