Lucene search

MitreCVE-2007-5702

HistoryOct 29, 2007 - 10:46 p.m.

CVE-2007-5702

2007-10-2922:46:00

CWE-79

mitre

web.nvd.nist.gov

cve-2007-5702

cross-site scripting

xss

novell opensuse

swamp

workflow administration

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.005

Percentile

77.8%

JSON

Cross-site scripting (XSS) vulnerability in swamp/action/LoginActions (aka the login box) in the Novell OpenSUSE SWAMP Workflow Administration and Management Platform 1.x allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

novellopensuse_swamp

VendorProductVersionCPE
novellopensuse_swamp*cpe:2.3:a:novell:opensuse_swamp:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
novell	opensuse_swamp	*	cpe:2.3:a:novell:opensuse_swamp::::::::

References

secunia.com/advisories/27390

swamp.svn.sourceforge.net/viewvc/swamp/trunk/swamp/webapps/webswamp/src/java/de/suse/swamp/modules/actions/LoginActions.java?r1=666&r2=700

www.osvdb.org/38203

www.securityfocus.com/archive/1/482733/100/0/threaded

www.securityfocus.com/bid/26198

exchange.xforce.ibmcloud.com/vulnerabilities/37399

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.005

Percentile

77.8%

JSON

Related for CVE-2007-5702