Lucene search

[email protected]CVE-2007-5982

HistoryNov 15, 2007 - 12:46 a.m.

CVE-2007-5982

2007-11-1500:46:00

CWE-79

[email protected]

web.nvd.nist.gov

xss

remote attackers

web script

html

x7 chat

nvd

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

71.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/index.php, or the (3) INSTALL_X7CHATVERSION parameter to upgradev1.php.

Affected configurations

NVD

Node

x7_groupx7_chatMatch2.0.4

x7_groupx7_chatMatch2.0.5

CPENameOperatorVersion
x7_group:x7_chatx7 group x7 chateq2.0.4
x7_group:x7_chatx7 group x7 chateq2.0.5

CPE	Name	Operator	Version
x7_group:x7_chat	x7 group x7 chat	eq	2.0.4
x7_group:x7_chat	x7 group x7 chat	eq	2.0.5

References

osvdb.org/38745

osvdb.org/38746

packetstorm.linuxsecurity.com/0711-exploits/x7-xss.txt

secunia.com/advisories/27677

www.securityfocus.com/bid/26417

Social References

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

71.4%

JSON

Related for CVE-2007-5982

nvd1 cvelist1 prion1