Lucene search
MitreCVE-2007-3448HistoryJun 27, 2007 - 12:30 a.m.
CVE-2007-3448
2007-06-2700:30:00
CWE-79
mitre
web.nvd.nist.gov
29
cve-2007-3448
xss
web script injection
html injection
bugmall shopping cart 2.5
security vulnerability
nvd
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.7
Confidence
High
EPSS
0.006
Percentile
78.3%
Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopping Cart 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the msgs parameter. NOTE: 4.0.2 and other versions might also be affected.
Affected configurations
Node
bugmallshopping_cart
ORbugmallshopping_cartRange≤2.5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| bugmall | shopping_cart | * | cpe:2.3:a:bugmall:shopping_cart:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2007-3448
2007-06-27 00:00:00
prion
prion
Cross site scripting
2007-06-27 00:30:00
nvd
nvd
CVE-2007-3448
2007-06-27 00:30:00
exploitdb
exploitdb
bugmall shopping cart 2.5 - SQL Injection / Cross-Site Scripting
2007-06-25 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.7
Confidence
High
EPSS
0.006
Percentile
78.3%
Related for CVE-2007-3448