Lucene search

[email protected]CVE-2007-1939

HistoryApr 10, 2007 - 11:19 p.m.

CVE-2007-1939

2007-04-1023:19:00

[email protected]

web.nvd.nist.gov

cve-2007-1939

cross-site scripting

xss

daniel naber languagetool

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

5.8 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.4%

JSON

Cross-site scripting (XSS) vulnerability in the embedded webserver in Daniel Naber LanguageTool before 0.8.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message, possibly the demultiplex method in HTTPServer.java.

Affected configurations

NVD

Node

daniel_naberlanguagetoolRange≤0.8.8

CPENameOperatorVersion
daniel_naber:languagetooldaniel naber languagetoolle0.8.8

CPE	Name	Operator	Version
daniel_naber:languagetool	daniel naber languagetool	le	0.8.8

References

www.danielnaber.de/languagetool/download/CHANGES.txt

www.vupen.com/english/advisories/2007/1759

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

5.8 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.4%

JSON

Related for CVE-2007-1939

nvd1 prion1 cvelist1 securityvulns1