Lucene search

[email protected]CVE-2007-3685

HistoryJul 11, 2007 - 5:30 p.m.

CVE-2007-3685

2007-07-1117:30:00

[email protected]

web.nvd.nist.gov

cve-2007-3685

xss

rpc.php

unobtrusive ajax star rating bar

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.7%

JSON

Cross-site scripting (XSS) vulnerability in rpc.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

Affected configurations

NVD

Node

masuga_designunobtrusive_ajax_star_rating_barRange≤1.1.9

CPENameOperatorVersion
masuga_design:unobtrusive_ajax_star_rating_barmasuga design unobtrusive ajax star rating barle1.1.9

CPE	Name	Operator	Version
masuga_design:unobtrusive_ajax_star_rating_bar	masuga design unobtrusive ajax star rating bar	le	1.1.9

References

secunia.com/advisories/25985

www.cirt.net/advisories/unobtrusive_ajax_star_rating.shtml

www.osvdb.org/35935

www.securityfocus.com/bid/24840

exchange.xforce.ibmcloud.com/vulnerabilities/35326

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.7%

JSON

Related for CVE-2007-3685

nvd1 cvelist1 prion1