Lucene search

[email protected]CVE-2007-5629

HistoryOct 23, 2007 - 4:46 p.m.

CVE-2007-5629

2007-10-2316:46:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2007-5629

xss

admin/logon.asp

shoppingtree candypress store 4.1

web security

html

remote attack

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.7%

JSON

Cross-site scripting (XSS) vulnerability in admin/logon.asp in ShoppingTree CandyPress Store 4.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different vector than CVE-2007-2804. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

NVD

Node

candypresscandypress_storeMatch4.1

CPENameOperatorVersion
candypress:candypress_storecandypress candypress storeeq4.1

CPE	Name	Operator	Version
candypress:candypress_store	candypress candypress store	eq	4.1

References

osvdb.org/38155

secunia.com/advisories/27339

securityreason.com/securityalert/3267

www.securityfocus.com/bid/26153

www.securityfocus.com/data/vulnerabilities/exploits/26153.html

exchange.xforce.ibmcloud.com/vulnerabilities/37391

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.7%

JSON

Related for CVE-2007-5629

prion2 cvelist2 nvd2 cve1