Lucene search

[email protected]CVE-2007-2932

HistoryMay 31, 2007 - 12:30 a.m.

CVE-2007-2932

2007-05-3100:30:00

[email protected]

web.nvd.nist.gov

cve-2007-2932

cross-site scripting

xss

boastmachine

index.php

web script

html

vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.1%

JSON

Cross-site scripting (XSS) vulnerability in index.php in BoastMachine allows remote attackers to inject arbitrary web script or HTML via the blog parameter in a content search action.

Affected configurations

NVD

Node

boastmachineboastmachineMatch3.1

CPENameOperatorVersion
boastmachine:boastmachineboastmachineeq3.1

CPE	Name	Operator	Version
boastmachine:boastmachine	boastmachine	eq	3.1

References

jvn.jp/en/jp/JVN65660590/index.html

osvdb.org/38060

securityreason.com/securityalert/2743

www.securityfocus.com/archive/1/469590/100/0/threaded

www.securityfocus.com/bid/24156

exchange.xforce.ibmcloud.com/vulnerabilities/34509

Social References

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.1%

JSON

Related for CVE-2007-2932

nvd1 jvn1 cvelist1 prion1