Lucene search

[email protected]CVE-2007-2011

HistoryApr 12, 2007 - 7:19 p.m.

CVE-2007-2011

2007-04-1219:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-2011

cross-site scripting

xss

deskpro 2.0.1

security vulnerability

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.011 Low

EPSS

Percentile

84.1%

JSON

Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

CPENameOperatorVersion
deskpro:deskprodeskproeq2.0.1

CPE	Name	Operator	Version
deskpro:deskpro	deskpro	eq	2.0.1

References

john-martinelli.com/work/deskpro.txt

osvdb.org/34721

secunia.com/advisories/24844

securityreason.com/securityalert/2556

www.securityfocus.com/archive/1/465089/100/0/threaded

www.securityfocus.com/bid/23381

www.vupen.com/english/advisories/2007/1320

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.011 Low

EPSS

Percentile

84.1%

JSON

Related for CVE-2007-2011

prion1 securityvulns1 malwarebytes1