Lucene search

[email protected]CVE-2007-5304

HistoryOct 09, 2007 - 6:17 p.m.

CVE-2007-5304

2007-10-0918:17:00

CWE-79

[email protected]

web.nvd.nist.gov

cve

2007

5304

xss

vulnerabilities

elseif cms beta 0.6

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) repertimage parameter to utilisateurs/vousetesbannis.php, the (2) elseifvotetxtresultatduvote parameter to utilisateurs/votesresultats.php, and the (3) elseifforumtxtmenugeneraleduforum parameter to moduleajouter/depot/adminforum.php.

CPENameOperatorVersion
yannick_tanguy:else_if_cmsyannick tanguy else if cmseq0.6-beta

CPE	Name	Operator	Version
yannick_tanguy:else_if_cms	yannick tanguy else if cms	eq	0.6-beta

References

osvdb.org/38646

osvdb.org/38647

osvdb.org/38648

securityreason.com/securityalert/3204

www.securityfocus.com/archive/1/481683/100/0/threaded

www.securityfocus.com/bid/25951

www.vupen.com/english/advisories/2007/3429

exchange.xforce.ibmcloud.com/vulnerabilities/37007

Social References

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.3%

JSON

Related for CVE-2007-5304

prion1