ID CVE-2007-0398Type cveReporter cve@mitre.orgModified 2018-10-16T16:32:00
Description
Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in Arnaud Guyonne (aka Arnotic) a-forum allow remote attackers to inject arbitrary web script or HTML via the (1) Sujet or (2) Pseudo field.
{"id": "CVE-2007-0398", "bulletinFamily": "NVD", "title": "CVE-2007-0398", "description": "Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in Arnaud Guyonne (aka Arnotic) a-forum allow remote attackers to inject arbitrary web script or HTML via the (1) Sujet or (2) Pseudo field.", "published": "2007-01-22T18:28:00", "modified": "2018-10-16T16:32:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0398", "reporter": "cve@mitre.org", "references": ["http://www.attrition.org/pipermail/vim/2007-January/001249.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/31610", "http://www.securityfocus.com/archive/1/457503/100/0/threaded"], "cvelist": ["CVE-2007-0398"], "type": "cve", "lastseen": "2019-05-29T18:08:58", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "75e933a26b6b89292926f6b9aa22369a"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "040006d6b42ac4abec92c300cc2911de"}, {"key": "cpe23", "hash": "ef42b09ab9e42d6ba1f165dce660c96b"}, {"key": "cvelist", "hash": "53165e4cfe673046355ffbcb41ed7f97"}, {"key": "cvss", "hash": "4cac367be6dd8242802053610be9dee6"}, {"key": "cvss2", "hash": "1997a83d1164e580c617572d7a8583e2"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "758595c65f4716e54345c7682f31ad43"}, {"key": "href", "hash": "2dec785724359980252fb9ccb5f89a12"}, {"key": "modified", "hash": "4f48dad5e4f63b0b3235110061e2f271"}, {"key": "published", "hash": "d55b78517a8b784527fc366904c7bf66"}, {"key": "references", "hash": "3790543b3ba15e79d09094801e4ec907"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "9e3356f30d338e36b7d781eb543d14a5"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "8d010e72babc85ce4e8951c2847de0c5a48ab5496a1697f871377ec68feca169", "viewCount": 0, "enchantments": {"score": {"value": 4.9, "vector": "NONE", "modified": "2019-05-29T18:08:58"}, "dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:33556"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7072"]}], "modified": "2019-05-29T18:08:58"}, "vulnersScore": 4.9}, "objectVersion": "1.3", "cpe": ["cpe:/a:arnotic:a-forum:*"], "affectedSoftware": [{"name": "arnotic a-forum", "operator": "eq", "version": "*"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:arnotic:a-forum:*:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}
{"osvdb": [{"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.mistersp.com/\nMail List Post: http://attrition.org/pipermail/vim/2007-January/001256.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0464.html\nMail List Post: http://attrition.org/pipermail/vim/2007-January/001252.html\nMail List Post: http://attrition.org/pipermail/vim/2007-January/001249.html\nISS X-Force ID: 31610\n[CVE-2007-0398](https://vulners.com/cve/CVE-2007-0398)\n", "modified": "2007-01-19T23:08:11", "published": "2007-01-19T23:08:11", "href": "https://vulners.com/osvdb/OSVDB:33556", "id": "OSVDB:33556", "title": "Arnotic a-forum forum.php3 Multiple Variable XSS", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:22", "bulletinFamily": "software", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "modified": "2007-01-20T00:00:00", "published": "2007-01-20T00:00:00", "id": "SECURITYVULNS:VULN:7072", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7072", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}]}
