Lucene search

[email protected]CVE-2007-2914

HistoryMay 30, 2007 - 10:30 a.m.

CVE-2007-2914

2007-05-3010:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2007-2914

cross-site scripting

xss

psychostats 3.0.6b

security vulnerability

remote attackers

6.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0.6b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) awards.php, (2) login.php, (3) register.php, (4) weapons.php, and possibly other unspecified files.

CPENameOperatorVersion
psychostats:psychostatspsychostatseq3.0.6b

CPE	Name	Operator	Version
psychostats:psychostats	psychostats	eq	3.0.6b

References

osvdb.org/36639

osvdb.org/36640

osvdb.org/36641

osvdb.org/36642

redlevel.org/wp-content/uploads/psychostats.txt

secunia.com/advisories/25387

securityreason.com/securityalert/2750

www.securityfocus.com/archive/1/469260/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/34439

6.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.3%

JSON

Related for CVE-2007-2914

prion1