Lucene search

[email protected]CVE-2007-4862

HistoryOct 30, 2007 - 9:46 p.m.

CVE-2007-4862

2007-10-3021:46:00

CWE-79

[email protected]

web.nvd.nist.gov

cve

2007

4862

cross-site scripting

xss

vulnerability

admin

menu.php

saxon 5.4

remote attackers

web script

html

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.4%

JSON

Cross-site scripting (XSS) vulnerability in admin/menu.php in SAXON 5.4 allows remote attackers to inject arbitrary web script or HTML via the config[news_url] parameter.

CPENameOperatorVersion
quirm:saxonquirm saxoneq5.4

CPE	Name	Operator	Version
quirm:saxon	quirm saxon	eq	5.4

References

secunia.com/advisories/27444

securityreason.com/securityalert/3310

www.netvigilance.com/advisory0054

www.quirm.net/punbb/viewtopic.php?id=129

www.securityfocus.com/archive/1/482920/100/0/threaded

www.securityfocus.com/bid/26237

exchange.xforce.ibmcloud.com/vulnerabilities/38134

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.4%

JSON

Related for CVE-2007-4862

securityvulns2 packetstorm1 prion1