Lucene search

[email protected]CVE-2007-3417

HistoryJun 26, 2007 - 11:30 p.m.

CVE-2007-3417

2007-06-2623:30:00

[email protected]

web.nvd.nist.gov

cve

2007

3417

xss

vulnerabilities

web-app.org

webapp

search string

html

remote attackers

nvd

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

64.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP before 0.9.9.7 allow remote attackers to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the (1) process_search or (2) show_recent_searches function.

Affected configurations

NVD

Node

web-app.orgwebappRange≤0.9.9.6

CPENameOperatorVersion
web-app.org:webappweb-app.org webapple0.9.9.6

CPE	Name	Operator	Version
web-app.org:webapp	web-app.org webapp	le	0.9.9.6

References

osvdb.org/45398

www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458

www.web-app.org/downloads/WebAPPv0.9.9.7.zip

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

64.5%

JSON

Related for CVE-2007-3417

prion1 cvelist1 nvd1