Lucene search

MitreCVE-2007-5293

HistoryOct 09, 2007 - 6:17 p.m.

CVE-2007-5293

2007-10-0918:17:00

CWE-79

mitre

web.nvd.nist.gov

xss

vulnerabilities

idmos

phoenix

web script

html

remote attackers

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.011

Percentile

84.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in IDMOS 1.0-beta (aka Phoenix) allow remote attackers to inject arbitrary web script or HTML via the (1) err_msg parameter to error.php and the (2) content parameter to templates/simple/ia.php.

Affected configurations

Nvd

Node

idmosidmosMatch1.0-beta

VendorProductVersionCPE
idmosidmos1.0-betacpe:2.3:a:idmos:idmos:1.0-beta:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
idmos	idmos	1.0-beta	cpe:2.3:a:idmos:idmos:1.0-beta:::::::*

References

osvdb.org/38631

osvdb.org/38632

securityreason.com/securityalert/3205

www.securityfocus.com/archive/1/481682/100/0/threaded

www.securityfocus.com/bid/25950

www.vupen.com/english/advisories/2007/3433

exchange.xforce.ibmcloud.com/vulnerabilities/36997

exchange.xforce.ibmcloud.com/vulnerabilities/36999

www.exploit-db.com/exploits/4495

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.011

Percentile

84.9%

JSON

Related for CVE-2007-5293