Lucene search

[email protected]CVE-2007-1050

HistoryFeb 21, 2007 - 11:28 p.m.

CVE-2007-1050

2007-02-2123:28:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2007-1050

cross-site scripting

xss

vulnerabilities

abledesign mycalendar

index.php

web security

nvd

search optimization

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.013 Low

EPSS

Percentile

85.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in index.php in AbleDesign MyCalendar allow remote attackers to inject arbitrary web script or HTML via (1) the go parameter, (2) the keyword parameter in the search menu (go=search), or (3) the username or (4) the password in a go=Login action.

CPENameOperatorVersion
abledesign:mycalendarabledesign mycalendareq*

CPE	Name	Operator	Version
abledesign:mycalendar	abledesign mycalendar	eq	*

References

forums.avenir-geopolitique.net/viewtopic.php?t=2686

osvdb.org/33317

osvdb.org/33318

osvdb.org/33319

secunia.com/advisories/24222

securityreason.com/securityalert/2270

www.securityfocus.com/archive/1/460598/100/0/threaded

www.securityfocus.com/bid/22635

www.vupen.com/english/advisories/2007/0679

exchange.xforce.ibmcloud.com/vulnerabilities/32581

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.013 Low

EPSS

Percentile

85.9%

JSON

Related for CVE-2007-1050

prion1 securityvulns1