Lucene search

[email protected]CVE-2007-2716

HistoryMay 16, 2007 - 7:28 p.m.

CVE-2007-2716

2007-05-1619:28:00

[email protected]

web.nvd.nist.gov

cve-2007-2716

cross-site scripting

xss

eqdkp

web security

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

5.8 Medium

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

90.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c and earlier allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) listmembers.php and (2) stats.php. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

eqdkpeqdkpRange≤1.3.2c

eqdkpeqdkpMatch1.1.0

eqdkpeqdkpMatch1.2.0

eqdkpeqdkpMatch1.3.0

eqdkpeqdkpMatch1.3.1

eqdkpeqdkpMatch1.3.1_p1

eqdkpeqdkpMatch1.3_p4

CPENameOperatorVersion
eqdkp:eqdkpeqdkple1.3.2c
eqdkp:eqdkpeqdkpeq1.1.0
eqdkp:eqdkpeqdkpeq1.2.0
eqdkp:eqdkpeqdkpeq1.3.0
eqdkp:eqdkpeqdkpeq1.3.1
eqdkp:eqdkpeqdkpeq1.3.1_p1
eqdkp:eqdkpeqdkpeq1.3_p4

CPE	Name	Operator	Version
eqdkp:eqdkp	eqdkp	le	1.3.2c
eqdkp:eqdkp	eqdkp	eq	1.1.0
eqdkp:eqdkp	eqdkp	eq	1.2.0
eqdkp:eqdkp	eqdkp	eq	1.3.0
eqdkp:eqdkp	eqdkp	eq	1.3.1
eqdkp:eqdkp	eqdkp	eq	1.3.1_p1
eqdkp:eqdkp	eqdkp	eq	1.3_p4

References

marc.info/?l=full-disclosure&m=117901012506948&w=2

marc.info/?l=full-disclosure&m=117901106013812&w=2

osvdb.org/36051

osvdb.org/36052

secunia.com/advisories/25249

www.securityfocus.com/bid/23951

exchange.xforce.ibmcloud.com/vulnerabilities/34335

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

5.8 Medium

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

90.0%

JSON

Related for CVE-2007-2716

prion1 nvd1 cvelist1