Lucene search

[email protected]CVE-2007-3243

HistoryJun 15, 2007 - 1:30 a.m.

CVE-2007-3243

2007-06-1501:30:00

[email protected]

web.nvd.nist.gov

cve-2007-3243

cross-site scripting

xss

bbpress 0.8.1

security vulnerability

web script injection

html injection

remote attackers

referer header

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.6%

JSON

Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the re parameter. NOTE: exploitation may require forcing the client to send a certain Referer header.

Affected configurations

NVD

Node

bbpressbbpressMatch0.8.1

CPENameOperatorVersion
bbpress:bbpressbbpresseq0.8.1

CPE	Name	Operator	Version
bbpress:bbpress	bbpress	eq	0.8.1

References

osvdb.org/36818

www.dragoslungu.com/2007/05/30/top-10-open-source-bulletin-boards-12-months-of-vulnerabilities/#comment-55

www.dragoslungu.com/2007/06/07/bbpress-xss-vulnerability/

www.securityfocus.com/bid/24422

exchange.xforce.ibmcloud.com/vulnerabilities/34947

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.6%

JSON

Related for CVE-2007-3243

cvelist1 prion1 nvd1