Lucene search

[email protected]CVE-2007-4434

HistoryAug 20, 2007 - 7:17 p.m.

CVE-2007-4434

2007-08-2019:17:00

[email protected]

web.nvd.nist.gov

cve-2007-4434

cross-site scripting

xss

textfilesearch.asp

web script

html

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.0%

JSON

Cross-site scripting (XSS) vulnerability in textfilesearch.asp in the Text File Search ASP (Classic) edition allows remote attackers to inject arbitrary web script or HTML via the query parameter.

Affected configurations

NVD

Node

aspindirtext_file_searchMatch0classic

CPENameOperatorVersion
aspindir:text_file_searchaspindir text file searcheq0

CPE	Name	Operator	Version
aspindir:text_file_search	aspindir text file search	eq	0

References

osvdb.org/37733

securityreason.com/securityalert/3046

www.packetstormsecurity.org/0708-exploits/tfsc-xss.txt

www.securityfocus.com/bid/25350

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.0%

JSON

Related for CVE-2007-4434

prion1 cvelist1 nvd1