Lucene search

[email protected]CVE-2007-4281

HistoryAug 09, 2007 - 9:17 p.m.

CVE-2007-4281

2007-08-0921:17:00

[email protected]

web.nvd.nist.gov

cve-2007-4281

xss

knowledgetree

open source

security vulnerability

5.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.1%

JSON

Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source 3.4 and 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the login field on the login page, and other unspecified vectors.

Affected configurations

NVD

Node

knowledgetreeopen_sourceMatch3.4

knowledgetreeopen_sourceMatch3.4.1

CPENameOperatorVersion
knowledgetree:open_sourceknowledgetree open sourceeq3.4
knowledgetree:open_sourceknowledgetree open sourceeq3.4.1

CPE	Name	Operator	Version
knowledgetree:open_source	knowledgetree open source	eq	3.4
knowledgetree:open_source	knowledgetree open source	eq	3.4.1

References

osvdb.org/36579

secunia.com/advisories/26333

sourceforge.net/forum/forum.php?forum_id=722865

sourceforge.net/project/shownotes.php?release_id=530698&group_id=107851

support.ktdms.com/browse/KTS-2178

www.securityfocus.com/bid/25231

www.vupen.com/english/advisories/2007/2812

5.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.1%

JSON

Related for CVE-2007-4281

nvd2 prion2 cvelist2 cve1 ubuntucve1