Lucene search

[email protected]CVE-2007-3559

HistoryJul 04, 2007 - 4:30 p.m.

CVE-2007-3559

2007-07-0416:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-3559

xss vulnerability

php-fusion

web script injection

html injection

security vulnerability

5.9 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

64.9%

JSON

Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant.

CPENameOperatorVersion
php-fusion:php-fusionphp-fusioneq6.01.9
php-fusion:php-fusionphp-fusioneq6.01.10

CPE	Name	Operator	Version
php-fusion:php-fusion	php-fusion	eq	6.01.9
php-fusion:php-fusion	php-fusion	eq	6.01.10

References

osvdb.org/36342

secunia.com/advisories/25907

www.securityfocus.com/bid/24733

www.xssed.com/advisory/60/PHP-FUSION_FUSION_QUERY_Cross-Site_Scripting_Vulnerability/

exchange.xforce.ibmcloud.com/vulnerabilities/35225

5.9 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

64.9%

JSON

Related for CVE-2007-3559

prion1