Lucene search

K
cveMitreCVE-2007-3708
HistoryJul 11, 2007 - 11:30 p.m.

CVE-2007-3708

2007-07-1123:30:00
mitre
web.nvd.nist.gov
35
cve-2007-3708
xss vulnerability
codeigniter
web security
nvd
remote attack
html injection
web script
xss_clean.

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.006

Percentile

78.6%

Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before 20070626 allows remote attackers to inject arbitrary web script or HTML via (1) String.fromCharCode and (2) malformed nested tag manipulations in an unspecified component, related to insufficient sanitization by the xss_clean function.

Affected configurations

Nvd
Node
codeignitercodeigniterMatch1.5.3
VendorProductVersionCPE
codeignitercodeigniter1.5.3cpe:/a:codeigniter:codeigniter:1.5.3:::

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.006

Percentile

78.6%

Related for CVE-2007-3708