Lucene search

MitreCVE-2007-3352

HistoryJun 22, 2007 - 6:30 p.m.

CVE-2007-3352

2007-06-2218:30:00

mitre

web.nvd.nist.gov

cwe-79

xss

cve-2007-3352

stephen ostermiller contact form

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.004

Percentile

75.0%

JSON

Cross-site scripting (XSS) vulnerability in the preview form in Stephen Ostermiller Contact Form before 2.00.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that contain an apostrophe.

Affected configurations

Nvd

Node

stephen_ostermillercontact_formMatch2.00.02

VendorProductVersionCPE
stephen_ostermillercontact_form2.00.02cpe:2.3:a:stephen_ostermiller:contact_form:2.00.02:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
stephen_ostermiller	contact_form	2.00.02	cpe:2.3:a:stephen_ostermiller:contact_form:2.00.02:::::::*

References

bugzilla.ostermiller.com/show_bug.cgi?id=151

ostermiller.org/contactform/

osvdb.org/36372

secunia.com/advisories/25812

www.attrition.org/pipermail/vim/2007-June/001669.html

www.securityfocus.com/bid/24559

www.vupen.com/english/advisories/2007/2333

exchange.xforce.ibmcloud.com/vulnerabilities/34962

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.004

Percentile

75.0%

JSON

Related for CVE-2007-3352