Lucene search

[email protected]CVE-2007-3249

HistoryJun 18, 2007 - 10:30 a.m.

CVE-2007-3249

2007-06-1810:30:00

[email protected]

web.nvd.nist.gov

cve

2007

3249

cross-site scripting

xss

mod_lettermansubscribe.php

letterman subscriber

joomla

remote attackers

web script

html

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.2%

JSON

Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php in the Letterman Subscriber (mod_letterman) before 1.2.5 module for Joomla! allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter.

Affected configurations

NVD

Node

joomlaletterman_subscriberRange≤1.2.3

CPENameOperatorVersion
joomla:letterman_subscriberjoomla letterman subscriberle1.2.3

CPE	Name	Operator	Version
joomla:letterman_subscriber	joomla letterman subscriber	le	1.2.3

References

marc.info/?l=full-disclosure&m=118184411720509&w=2

osvdb.org/36376

secunia.com/advisories/25670

www.securityfocus.com/bid/24479

www.thejfactory.com/

www.vupen.com/english/advisories/2007/2215

exchange.xforce.ibmcloud.com/vulnerabilities/34870

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.2%

JSON

Related for CVE-2007-3249

cvelist1 nvd1 prion1