Lucene search

[email protected]CVE-2007-5370

HistoryOct 11, 2007 - 10:17 a.m.

CVE-2007-5370

2007-10-1110:17:00

CWE-79

[email protected]

web.nvd.nist.gov

xss

vulnerabilities

netwin

dnewsweb

dnews news server

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/dnewsweb.exe in NetWin DNewsWeb (DNews News Server) 57e1 allow remote attackers to inject arbitrary web script or HTML via the (1) group or (2) utag parameter.

CPENameOperatorVersion
netwin:dnewswebnetwin dnewswebeq57e1

CPE	Name	Operator	Version
netwin:dnewsweb	netwin dnewsweb	eq	57e1

References

osvdb.org/37651

secunia.com/advisories/27163

securityreason.com/securityalert/3208

www.securityfocus.com/archive/1/481865/100/0/threaded

www.securityfocus.com/bid/25981

www.vupen.com/english/advisories/2007/3452

exchange.xforce.ibmcloud.com/vulnerabilities/37031

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.2%

JSON

Related for CVE-2007-5370

prion1