Lucene search

MitreCVE-2007-4144

HistoryAug 03, 2007 - 8:17 p.m.

CVE-2007-4144

2007-08-0320:17:00

CWE-79

mitre

web.nvd.nist.gov

cve-2007-4144

mitridat

email form processor pro

xss vulnerability

web script injection

html injection

form processor

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.006

Percentile

79.1%

JSON

Cross-site scripting (XSS) vulnerability in sample-forms/simple-contact-form-with-preview/simple-contact-form-with-preview.html in MitriDAT eMail Form Processor Pro allows remote attackers to inject arbitrary web script or HTML via the base_path parameter, possibly related to (1) formprocessorpro.php in the PHP version of the product, and (2) formprocessorpro.pl in the Perl version of the product.

Affected configurations

Nvd

Node

mitridatform_processor_proRange≤4.0

VendorProductVersionCPE
mitridatform_processor_pro*cpe:2.3:a:mitridat:form_processor_pro:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mitridat	form_processor_pro	*	cpe:2.3:a:mitridat:form_processor_pro::::::::

References

secunia.com/advisories/26225

securityreason.com/securityalert/2961

www.securityfocus.com/archive/1/474615/100/0/threaded

www.vupen.com/english/advisories/2007/2700

exchange.xforce.ibmcloud.com/vulnerabilities/35695

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.006

Percentile

79.1%

JSON

Related for CVE-2007-4144