Lucene search

[email protected]CVE-2007-1177

HistoryMar 02, 2007 - 9:18 p.m.

CVE-2007-1177

2007-03-0221:18:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

webapp

security

vulnerability

filtering

xss

nvd

cve-2007-1177

6.3 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

70.0%

JSON

WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to (1) the query string, (2) Profiles, (3) the Forum Post icon field, (4) the Edit Profile, and (5) the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting (XSS).

CPENameOperatorVersion
web-app.org:webappweb-app.org webappeq0.9.9.3
web-app.org:webappweb-app.org webappeq0.9.9.3.2
web-app.org:webappweb-app.org webappeq0.9.9.2.1
web-app.org:webappweb-app.org webappeq0.9.9.2
web-app.org:webappweb-app.org webappeq0.9.9.1
web-app.org:webappweb-app.org webappeq0.9.9
web-app.org:webappweb-app.org webappeq0.9.9.3.1
web-app.org:webappweb-app.org webappeq0.9.9.4

CPE	Name	Operator	Version
web-app.org:webapp	web-app.org webapp	eq	0.9.9.3
web-app.org:webapp	web-app.org webapp	eq	0.9.9.3.2
web-app.org:webapp	web-app.org webapp	eq	0.9.9.2.1
web-app.org:webapp	web-app.org webapp	eq	0.9.9.2
web-app.org:webapp	web-app.org webapp	eq	0.9.9.1
web-app.org:webapp	web-app.org webapp	eq	0.9.9
web-app.org:webapp	web-app.org webapp	eq	0.9.9.3.1
web-app.org:webapp	web-app.org webapp	eq	0.9.9.4

References

osvdb.org/33277

osvdb.org/33283

osvdb.org/33286

osvdb.org/33287

secunia.com/advisories/24080

www.securityfocus.com/bid/22563

www.vupen.com/english/advisories/2007/0604

www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250

6.3 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

70.0%

JSON

Related for CVE-2007-1177

prion1 securityvulns1