Lucene search

[email protected]CVE-2007-3569

HistoryJul 05, 2007 - 7:30 p.m.

CVE-2007-3569

2007-07-0519:30:00

[email protected]

web.nvd.nist.gov

cve-2007-3569

xss

oliver library management system

security vulnerabilities

web script injection

html injection

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library Management System allow remote attackers to inject arbitrary web script or HTML via the (1) updateform and (2) displayform parameter to (a) gateway/gateway.exe; the (3) TERMS, (4) database, (5) srchad, (6) SuggestedSearch, and (7) searchform parameters to the (b) “Basic Search page”; and (8) username parameter when © logging on.

Affected configurations

NVD

Node

softlink_europeoliver_library_management_system

CPENameOperatorVersion
softlink_europe:oliver_library_management_systemsoftlink europe oliver library management systemeq*

CPE	Name	Operator	Version
softlink_europe:oliver_library_management_system	softlink europe oliver library management system	eq	*

References

lists.grok.org.uk/pipermail/full-disclosure/2007-July/055355.html

osvdb.org/37059

osvdb.org/37060

osvdb.org/37061

secunia.com/advisories/25930

securityreason.com/securityalert/2868

www.securityfocus.com/archive/1/472738/100/0/threaded

www.securityfocus.com/bid/24754

www.vupen.com/english/advisories/2007/2432

exchange.xforce.ibmcloud.com/vulnerabilities/35251

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.5%

JSON

Related for CVE-2007-3569

cvelist1 prion1 nvd1