Lucene search

[email protected]CVE-2007-4542

HistoryAug 27, 2007 - 9:17 p.m.

CVE-2007-4542

2007-08-2721:17:00

CWE-79

[email protected]

web.nvd.nist.gov

mapserver

xss

cross-site scripting

web security

cve-2007-4542

nvd

5.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.

Affected configurations

NVD

Node

university_of_minnesotamapserverRange≤4.10.3

CPENameOperatorVersion
university_of_minnesota:mapserveruniversity of minnesota mapserverle4.10.3

CPE	Name	Operator	Version
university_of_minnesota:mapserver	university of minnesota mapserver	le	4.10.3

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=439346

mapserver.gis.umn.edu/download/current/HISTORY.TXT/

secunia.com/advisories/26561

secunia.com/advisories/26718

secunia.com/advisories/29688

trac.osgeo.org/mapserver/attachment/ticket/2256/ms-bug-2256-4.8.patch

trac.osgeo.org/mapserver/ticket/2256

www.debian.org/security/2008/dsa-1539

www.securityfocus.com/bid/25582

www.vupen.com/english/advisories/2007/2974

www.redhat.com/archives/fedora-package-announce/2007-September/msg00096.html

5.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.3%

JSON

Related for CVE-2007-4542

nvd1 prion1 debiancve1 ubuntucve1 cvelist1 fedora1 osv1 openvas4 nessus3 debian1 seebug1