Lucene search

[email protected]CVE-2007-1610

HistoryMar 22, 2007 - 11:19 p.m.

CVE-2007-1610

2007-03-2223:19:00

[email protected]

web.nvd.nist.gov

cve-2007-1610

cross-site scripting

xss

vulnerability

glue software

newsglue

rss reader

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.9%

JSON

Cross-site scripting (XSS) vulnerability in the RSS reader in Glue Software NewsGlue before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via a feed.

Affected configurations

NVD

Node

glue_softwarenewsglueRange≤1.3.3

CPENameOperatorVersion
glue_software:newsglueglue software newsgluele1.3.3

CPE	Name	Operator	Version
glue_software:newsglue	glue software newsglue	le	1.3.3

References

jvn.jp/jp/JVN%2364227086/index.html

osvdb.org/34408

secunia.com/advisories/24603

www.gluesoft.co.jp/NewsGlue/Update.aspx

www.securityfocus.com/bid/23094

www.vupen.com/english/advisories/2007/1074

exchange.xforce.ibmcloud.com/vulnerabilities/33166

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.9%

JSON

Related for CVE-2007-1610

prion1 nvd1 cvelist1 securityvulns1