Lucene search

[email protected]CVE-2007-1231

HistoryMar 03, 2007 - 7:19 p.m.

CVE-2007-1231

2007-03-0319:19:00

CWE-79

[email protected]

web.nvd.nist.gov

sqlitemanager

cross-site scripting

xss

vulnerabilities

security

nvd

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) database name, (2) table name, (3) ViewName, (4) view, (5) trigger, and (6) function fields in main.php and certain other files.

CPENameOperatorVersion
sqlitemanager:sqlitemanagersqlitemanagereq1.2.0

CPE	Name	Operator	Version
sqlitemanager:sqlitemanager	sqlitemanager	eq	1.2.0

References

osvdb.org/34634

securityreason.com/securityalert/2366

www.securityfocus.com/archive/1/461304/100/0/threaded

www.securityfocus.com/bid/22731

exchange.xforce.ibmcloud.com/vulnerabilities/32692

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.9%

JSON

Related for CVE-2007-1231

prion1 securityvulns1