Lucene search

[email protected]CVE-2007-3835

HistoryJul 17, 2007 - 10:30 p.m.

CVE-2007-3835

2007-07-1722:30:00

[email protected]

web.nvd.nist.gov

cve

2007

3835

cross-site scripting

xss

vulnerability

ex libris

metalib

remote attackers

web script

html

resource id

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.9%

JSON

Cross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and 4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a resource id that can be discovered through a search.

Affected configurations

NVD

Node

exlibris_groupmetalibMatch3.13

exlibris_groupmetalibMatch4

CPENameOperatorVersion
exlibris_group:metalibexlibris group metalibeq3.13
exlibris_group:metalibexlibris group metalibeq4

CPE	Name	Operator	Version
exlibris_group:metalib	exlibris group metalib	eq	3.13
exlibris_group:metalib	exlibris group metalib	eq	4

References

escarpment.net/exlibris.txt

lists.grok.org.uk/pipermail/full-disclosure/2007-July/064666.html

osvdb.org/36877

secunia.com/advisories/26162

securityreason.com/securityalert/2889

www.securityfocus.com/archive/1/473785/100/0/threaded

www.securityfocus.com/bid/24978

exchange.xforce.ibmcloud.com/vulnerabilities/35431

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.9%

JSON

Related for CVE-2007-3835

cvelist2 prion2 nvd2 cve1