Lucene search

[email protected]CVE-2007-4265

HistoryAug 09, 2007 - 10:17 a.m.

CVE-2007-4265

2007-08-0910:17:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2007

4265

xss

vulnerabilities

visionproject

web script

html

remote attackers

nvd

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in VisionProject 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) projectIssueId parameter in EditProjectIssue.do, the (2) projectId parameter in ProjectSelected.do, the (3) folderId parameter in ProjectDocuments.do and the (4) sortField parameter in ProjectIssues.do.

CPENameOperatorVersion
visionera_ab:visionprojectvisionera ab visionprojectle3.1

CPE	Name	Operator	Version
visionera_ab:visionproject	visionera ab visionproject	le	3.1

References

osvdb.org/36433

osvdb.org/36434

osvdb.org/36435

osvdb.org/36436

pridels-team.blogspot.com/2007/08/visionproject-multiple-xss-vuln.html

secunia.com/advisories/26346

www.securityfocus.com/bid/25218

exchange.xforce.ibmcloud.com/vulnerabilities/35825

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.2%

JSON

Related for CVE-2007-4265

prion1