Lucene search

[email protected]CVE-2007-2732

HistoryMay 16, 2007 - 10:30 p.m.

CVE-2007-2732

2007-05-1622:30:00

[email protected]

web.nvd.nist.gov

cve-2007-2732

xss

jetbox cms

security vulnerabilities

web script

html

nvd

5.8 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.033 Low

EPSS

Percentile

91.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter to view/search/; or the (2) companyname, (3) country, (4) email, (5) firstname, (6) middlename, (7) required, (8) surname, or (9) title parameter to view/supplynews/.

Affected configurations

NVD

Node

jetboxjetbox_cmsMatch2.1

CPENameOperatorVersion
jetbox:jetbox_cmsjetbox jetbox cmseq2.1

CPE	Name	Operator	Version
jetbox:jetbox_cms	jetbox jetbox cms	eq	2.1

References

osvdb.org/37451

osvdb.org/37452

securityreason.com/securityalert/2711

www.securityfocus.com/archive/1/468681/100/0/threaded

www.securityfocus.com/bid/23999

www.vupen.com/english/advisories/2007/1831

Social References

5.8 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.033 Low

EPSS

Percentile

91.3%

JSON

Related for CVE-2007-2732

prion1 cvelist1 nvd1