Lucene search

[email protected]CVE-2007-5121

HistorySep 27, 2007 - 5:17 p.m.

CVE-2007-5121

2007-09-2717:17:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2007-5121

cross-site scripting

xss vulnerability

jspwiki

web security

remote attackers

html injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.4%

JSON

Cross-site scripting (XSS) vulnerability in JSPWiki 2.5.139-beta allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to wiki-3/Login.jsp and unspecified other components.

Affected configurations

NVD

Node

jspwikijspwikiMatch2.5.139-beta

CPENameOperatorVersion
jspwiki:jspwikijspwikieq2.5.139-beta

CPE	Name	Operator	Version
jspwiki:jspwiki	jspwiki	eq	2.5.139-beta

References

lists.grok.org.uk/pipermail/full-disclosure/2007-September/066096.html

secunia.com/advisories/26961

securityreason.com/securityalert/3167

www.ecyrd.com/~jalkanen/JSPWiki/2.4.104/ChangeLog

www.securityfocus.com/archive/1/480570/100/0/threaded

www.securityfocus.com/bid/25803

exchange.xforce.ibmcloud.com/vulnerabilities/36767

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.4%

JSON

Related for CVE-2007-5121

cvelist1 nvd1 ubuntucve1 prion1