Lucene search

[email protected]CVE-2007-2716

HistoryMay 16, 2007 - 7:28 p.m.

CVE-2007-2716

2007-05-1619:28:00

[email protected]

web.nvd.nist.gov

cve-2007-2716

cross-site scripting

xss

eqdkp

web security

5.8 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.024 Low

EPSS

Percentile

89.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c and earlier allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) listmembers.php and (2) stats.php. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

eqdkpeqdkpRange≤1.3.2c

eqdkpeqdkpMatch1.1.0

eqdkpeqdkpMatch1.2.0

eqdkpeqdkpMatch1.3.0

eqdkpeqdkpMatch1.3.1

eqdkpeqdkpMatch1.3.1_p1

eqdkpeqdkpMatch1.3_p4

CPENameOperatorVersion
eqdkp:eqdkpeqdkple1.3.2c
eqdkp:eqdkpeqdkpeq1.1.0
eqdkp:eqdkpeqdkpeq1.2.0
eqdkp:eqdkpeqdkpeq1.3.0
eqdkp:eqdkpeqdkpeq1.3.1
eqdkp:eqdkpeqdkpeq1.3.1_p1
eqdkp:eqdkpeqdkpeq1.3_p4

CPE	Name	Operator	Version
eqdkp:eqdkp	eqdkp	le	1.3.2c
eqdkp:eqdkp	eqdkp	eq	1.1.0
eqdkp:eqdkp	eqdkp	eq	1.2.0
eqdkp:eqdkp	eqdkp	eq	1.3.0
eqdkp:eqdkp	eqdkp	eq	1.3.1
eqdkp:eqdkp	eqdkp	eq	1.3.1_p1
eqdkp:eqdkp	eqdkp	eq	1.3_p4

References

marc.info/?l=full-disclosure&m=117901012506948&w=2

marc.info/?l=full-disclosure&m=117901106013812&w=2

osvdb.org/36051

osvdb.org/36052

secunia.com/advisories/25249

www.securityfocus.com/bid/23951

exchange.xforce.ibmcloud.com/vulnerabilities/34335

5.8 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.024 Low

EPSS

Percentile

89.9%

JSON

Related for CVE-2007-2716

prion1 nvd1 cvelist1