Lucene search

[email protected]CVE-2007-3918

HistoryOct 05, 2007 - 10:17 p.m.

CVE-2007-3918

2007-10-0522:17:00

CWE-79

[email protected]

web.nvd.nist.gov

cve

2007

3918

xss

gforge

4.6b2

account

verify.php

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.4%

JSON

Cross-site scripting (XSS) vulnerability in account/verify.php in GForge 4.6b2 allows remote attackers to inject arbitrary web script or HTML via the confirm_hash parameter.

Affected configurations

NVD

Node

gforgegforgeMatch4.6_b2

CPENameOperatorVersion
gforge:gforgegforgeeq4.6_b2

CPE	Name	Operator	Version
gforge:gforge	gforge	eq	4.6_b2

References

gforge.org/scm/viewvc.php/trunk/gforge/www/account/verify.php?root=gforge&r1=5967&r2=6092

gforge.org/tracker/?func=detail&atid=105&aid=3094&group_id=1

secunia.com/advisories/27042

secunia.com/advisories/27046

www.debian.org/security/2007/dsa-1383

www.securityfocus.com/bid/25923

www.vupen.com/english/advisories/2007/3356

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.4%

JSON

Related for CVE-2007-3918

openvas2 ubuntucve1 cvelist1 nessus2 osv1 nvd1 debian1 prion1