Search...

CVE-2007-3269

2007-06-19T17:30:00

ID CVE-2007-3269
Type cve
Reporter NVD
Modified 2017-07-28T21:32:07

Description

Multiple cross-site scripting (XSS) vulnerabilities in Papoo Light 3.6 before 20070611 allow remote attackers to inject arbitrary web script or HTML via (1) the URI in a GET request or (2) the Title field of a visitor comment, and (3) allow remote authenticated users to inject arbitrary web script or HTML via a message to another user. NOTE: vector (2) might overlap CVE-2006-3571.1.

JSON Vulners Source

Initial Source

{"id": "CVE-2007-3269", "bulletinFamily": "NVD", "title": "CVE-2007-3269", "description": "Multiple cross-site scripting (XSS) vulnerabilities in Papoo Light 3.6 before 20070611 allow remote attackers to inject arbitrary web script or HTML via (1) the URI in a GET request or (2) the Title field of a visitor comment, and (3) allow remote authenticated users to inject arbitrary web script or HTML via a message to another user. NOTE: vector (2) might overlap CVE-2006-3571.1.", "published": "2007-06-19T17:30:00", "modified": "2017-07-28T21:32:07", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3269", "reporter": "NVD", "references": ["http://securityreason.com/securityalert/2825", "http://www.securityfocus.com/archive/1/archive/1/471490/100/0/threaded", "https://exchange.xforce.ibmcloud.com/vulnerabilities/34888", "http://www.securityfocus.com/bid/24494", "http://www.papoo.de/index/menuid/204/reporeid/215"], "cvelist": ["CVE-2007-3269"], "type": "cve", "lastseen": "2017-07-29T11:22:05", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:papoo:papoo_cms_light:3.6"], "cvelist": ["CVE-2007-3269"], "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Multiple cross-site scripting (XSS) vulnerabilities in Papoo Light 3.6 before 20070611 allow remote attackers to inject arbitrary web script or HTML via (1) the URI in a GET request or (2) the Title field of a visitor comment, and (3) allow remote authenticated users to inject arbitrary web script or HTML via a message to another user. NOTE: vector (2) might overlap CVE-2006-3571.1.", "edition": 1, "enchantments": {}, "hash": "18f14adc5f23c5ce824c6f69d6ae00a4516e06ac053cd03e803b67727cc0699d", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "5d492b1555535621cbd9a272ca932ddd", "key": "cpe"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "d16a1892885a4cedfc7b1d4344ffb50d", "key": "cvss"}, {"hash": "213e34adec55550b0be25ea362c978bc", "key": "references"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "4a09c27e3be56013d9cfda32fd051d8c", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "d6b17728c7ba9eea08a6f224dd213e03", "key": "href"}, {"hash": "382ff177d7063d958bad023b2f4d1963", "key": "title"}, {"hash": "ca7ab2f5954c2edd996f0abb665581e1", "key": "modified"}, {"hash": "6f0fcb0daf96b0aba77b881c261af6a8", "key": "description"}, {"hash": "00480d9e8bcd6beba918b21a50cc9d0a", "key": "published"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3269", "id": "CVE-2007-3269", "lastseen": "2016-09-03T09:04:06", "modified": "2008-11-15T01:52:01", "objectVersion": "1.2", "published": "2007-06-19T17:30:00", "references": ["http://securityreason.com/securityalert/2825", "http://xforce.iss.net/xforce/xfdb/34888", "http://www.securityfocus.com/archive/1/archive/1/471490/100/0/threaded", "http://www.securityfocus.com/bid/24494", "http://www.papoo.de/index/menuid/204/reporeid/215"], "reporter": "NVD", "scanner": [], "title": "CVE-2007-3269", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T09:04:06"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "5d492b1555535621cbd9a272ca932ddd"}, {"key": "cvelist", "hash": "4a09c27e3be56013d9cfda32fd051d8c"}, {"key": "cvss", "hash": "d16a1892885a4cedfc7b1d4344ffb50d"}, {"key": "description", "hash": "6f0fcb0daf96b0aba77b881c261af6a8"}, {"key": "href", "hash": "d6b17728c7ba9eea08a6f224dd213e03"}, {"key": "modified", "hash": "2a7f26100eedeabeaf8ea0f8074c5ae5"}, {"key": "published", "hash": "00480d9e8bcd6beba918b21a50cc9d0a"}, {"key": "references", "hash": "6e97bc91a970fdc9e25566cd21fd50d2"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "382ff177d7063d958bad023b2f4d1963"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "d40a032c41425065631d72206471d74a3fae82b9d0f0d1dc1a37a5def70d6c7b", "viewCount": 0, "enchantments": {"score": {"value": 4.3, "vector": "NONE", "modified": "2017-07-29T11:22:05"}, "vulnersScore": 4.3}, "objectVersion": "1.3", "cpe": ["cpe:/a:papoo:papoo_cms_light:3.6"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}

{"result": {"osvdb": [{"lastseen": "2017-04-28T13:20:33", "references": [], "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://www.papoo.de/index/menuid/204/reporeid/215\n[Secunia Advisory ID:25708](https://secuniaresearch.flexerasoftware.com/advisories/25708/)\n[Related OSVDB ID: 37544](https://vulners.com/osvdb/OSVDB:37544)\n[Related OSVDB ID: 37546](https://vulners.com/osvdb/OSVDB:37546)\n[Related OSVDB ID: 37543](https://vulners.com/osvdb/OSVDB:37543)\n[Related OSVDB ID: 37542](https://vulners.com/osvdb/OSVDB:37542)\nOther Advisory URL: http://securityreason.com/securityalert/2825\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0204.html\nISS X-Force ID: 34888\n[CVE-2007-3269](https://vulners.com/cve/CVE-2007-3269)\nBugtraq ID: 24494\n", "edition": 1, "reporter": "OSVDB", "published": "2007-06-15T11:03:53", "title": "Papoo CMS Visitor Comment TItle Field XSS", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-3269"], "modified": "2007-06-15T11:03:53", "href": "https://vulners.com/osvdb/OSVDB:37545", "id": "OSVDB:37545", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:33", "references": [], "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://www.papoo.de/index/menuid/204/reporeid/215\n[Secunia Advisory ID:25708](https://secuniaresearch.flexerasoftware.com/advisories/25708/)\n[Related OSVDB ID: 37546](https://vulners.com/osvdb/OSVDB:37546)\n[Related OSVDB ID: 37543](https://vulners.com/osvdb/OSVDB:37543)\n[Related OSVDB ID: 37542](https://vulners.com/osvdb/OSVDB:37542)\n[Related OSVDB ID: 37545](https://vulners.com/osvdb/OSVDB:37545)\nOther Advisory URL: http://securityreason.com/securityalert/2825\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0204.html\nISS X-Force ID: 34888\n[CVE-2007-3269](https://vulners.com/cve/CVE-2007-3269)\nBugtraq ID: 24494\n", "edition": 1, "reporter": "OSVDB", "published": "2007-06-15T11:03:53", "title": "Papoo CMS GET Request URI XSS", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-3269"], "modified": "2007-06-15T11:03:53", "href": "https://vulners.com/osvdb/OSVDB:37544", "id": "OSVDB:37544", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:33", "references": [], "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://www.papoo.de/index/menuid/204/reporeid/215\n[Secunia Advisory ID:25708](https://secuniaresearch.flexerasoftware.com/advisories/25708/)\n[Related OSVDB ID: 37544](https://vulners.com/osvdb/OSVDB:37544)\n[Related OSVDB ID: 37543](https://vulners.com/osvdb/OSVDB:37543)\n[Related OSVDB ID: 37545](https://vulners.com/osvdb/OSVDB:37545)\nOther Advisory URL: http://securityreason.com/securityalert/2825\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0204.html\nISS X-Force ID: 34888\n[CVE-2007-3269](https://vulners.com/cve/CVE-2007-3269)\nBugtraq ID: 24494\n", "edition": 1, "reporter": "OSVDB", "published": "2007-06-15T11:03:53", "title": "Papoo CMS Internal Mail Multiple Variable XSS", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-3269"], "modified": "2007-06-15T11:03:53", "href": "https://vulners.com/osvdb/OSVDB:37546", "id": "OSVDB:37546", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}]}}