ID CVE-2007-0362Type cveReporter cve@mitre.orgModified 2017-07-29T01:30:00
Description
Cross-site scripting (XSS) vulnerability in the RSS feed component in FreshReader before 1.0.07010600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to tag attributes.
{"id": "CVE-2007-0362", "bulletinFamily": "NVD", "title": "CVE-2007-0362", "description": "Cross-site scripting (XSS) vulnerability in the RSS feed component in FreshReader before 1.0.07010600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to tag attributes.", "published": "2007-01-19T01:28:00", "modified": "2017-07-29T01:30:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0362", "reporter": "cve@mitre.org", "references": ["http://manual.freshreader.com/archives/2007/01/20070118_javasc.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/31566", "http://secunia.com/advisories/23806", "http://www.securityfocus.com/bid/22106", "http://jvn.jp/jp/JVN%2395249468/index.html", "http://www.vupen.com/english/advisories/2007/0241", "http://osvdb.org/32923"], "cvelist": ["CVE-2007-0362"], "type": "cve", "lastseen": "2019-05-29T18:08:58", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "eaf581be2607b59f94abcec0456dec32"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "c1f7184ef21208ad2d4c3b0d9994642f"}, {"key": "cpe23", "hash": "e9420359f1b70c138026875cc08310b4"}, {"key": "cvelist", "hash": "b6552756f1f556ca66fb9750d26fe34a"}, {"key": "cvss", "hash": "4cac367be6dd8242802053610be9dee6"}, {"key": "cvss2", "hash": "1997a83d1164e580c617572d7a8583e2"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "b203ebb6b21f97d9ba1ef49ec4625e96"}, {"key": "href", "hash": "ffadb46fa2763300f347ff43978358f8"}, {"key": "modified", "hash": "0cb85aee5f0c04982c0d99915db7ab94"}, {"key": "published", "hash": "208793376474aea11207a68bfbf37092"}, {"key": "references", "hash": "68110f07670330139e3d684681873ed3"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "3db45f92a6a8c8e041262818be1844b9"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "d45e3cd3ae4672feef59d293fb3548fce024685ee5f7dd7b722ffb43e9e7bbbf", "viewCount": 0, "enchantments": {"score": {"value": 4.8, "vector": "NONE", "modified": "2019-05-29T18:08:58"}, "dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:32923"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7151"]}], "modified": "2019-05-29T18:08:58"}, "vulnersScore": 4.8}, "objectVersion": "1.3", "cpe": ["cpe:/a:freshreader:freshreader:*"], "affectedSoftware": [{"name": "freshreader freshreader", "operator": "eq", "version": "*"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:freshreader:freshreader:*:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}
{"osvdb": [{"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://manual.freshreader.com/archives/2007/01/20070118_javasc.html\n[Secunia Advisory ID:23806](https://secuniaresearch.flexerasoftware.com/advisories/23806/)\nOther Advisory URL: http://jvn.jp/jp/JVN%2395249468/index.html\nISS X-Force ID: 31566\nFrSIRT Advisory: ADV-2007-0241\n[CVE-2007-0362](https://vulners.com/cve/CVE-2007-0362)\nBugtraq ID: 22106\n", "modified": "2007-01-18T05:33:47", "published": "2007-01-18T05:33:47", "href": "https://vulners.com/osvdb/OSVDB:32923", "id": "OSVDB:32923", "title": "FreshReader RSS Feed Tag Attribute XSS", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:23", "bulletinFamily": "software", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "modified": "2007-02-02T00:00:00", "published": "2007-02-02T00:00:00", "id": "SECURITYVULNS:VULN:7151", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7151", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
