Lucene search
HistoryJun 20, 2007 - 9:30 p.m.
CVE-2007-3291
cve-2007-3291
cross-site scripting
xss vulnerability
livecms
article name
titulo parameter
web security
nvd
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.8 Medium
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
79.2%
Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via an article name, possibly involving the titulo parameter in article.php.
Affected configurations
Node
livecmslivecmsMatch3.0
ORlivecmslivecmsMatch3.3
ORlivecmslivecmsMatch3.3_rc1
ORlivecmslivecmsMatch3.3_rc2
ORlivecmslivecmsMatch3.4
ORlivecmslivecmsMatch3.4a
Related
prion
prion
Cross site scripting
2007-06-20 21:30:00
nvd
nvd
CVE-2007-3291
2007-06-20 21:30:00
cvelist
cvelist
CVE-2007-3291
2007-06-20 21:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.8 Medium
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
79.2%
Related for CVE-2007-3291