Lucene search

[email protected]CVE-2007-4192

HistoryAug 08, 2007 - 1:17 a.m.

CVE-2007-4192

2007-08-0801:17:00

[email protected]

web.nvd.nist.gov

cve-2007-4192

cross-site scripting

xss

web security

ide group dvd rental system

application service provider

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is not clear whether IDE Group updates all DRS installations in its role as an application service provider. If so, then this issue should not be included in CVE.

Affected configurations

NVD

Node

ide_groupdvd_rental_system_drsMatch5.1

CPENameOperatorVersion
ide_group:dvd_rental_system_drside group dvd rental system drseq5.1

CPE	Name	Operator	Version
ide_group:dvd_rental_system_drs	ide group dvd rental system drs	eq	5.1

References

archives.neohapsis.com/archives/fulldisclosure/2007-08/0020.html

osvdb.org/39522

secunia.com/advisories/26310

www.securityfocus.com/bid/25177

www.vupen.com/english/advisories/2007/2806

exchange.xforce.ibmcloud.com/vulnerabilities/35768

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.3%

JSON

Related for CVE-2007-4192

nvd1 prion1 cvelist1