Lucene search

[email protected]CVE-2007-6135

HistoryNov 27, 2007 - 7:46 p.m.

CVE-2007-6135

2007-11-2719:46:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2007-6135

xss

remote code injection

web security

vulnerability

php

phpslideshow

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.5%

JSON

Cross-site scripting (XSS) vulnerability in phpslideshow.php in PHPSlideShow 0.9.9.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the directory parameter. NOTE: this issue was originally reported for toonchapter8.php, but this is probably a site-specific name, since the PHPSlideShow distribution does not contain that file.

Affected configurations

NVD

Node

phpslideshowphpslideshowMatch0.9.9.2

CPENameOperatorVersion
phpslideshow:phpslideshowphpslideshoweq0.9.9.2

CPE	Name	Operator	Version
phpslideshow:phpslideshow	phpslideshow	eq	0.9.9.2

References

secunia.com/advisories/27809

www.packetstormsecurity.org/0711-exploits/phpslideshow-xss.txt

www.securityfocus.com/archive/1/484192/100/0/threaded

www.securityfocus.com/archive/1/484289/100/0/threaded

www.securityfocus.com/archive/1/490968/100/0/threaded

www.securityfocus.com/bid/26575

www.securityfocus.com/bid/26576

www.vupen.com/english/advisories/2007/3992

exchange.xforce.ibmcloud.com/vulnerabilities/38638

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.5%

JSON

Related for CVE-2007-6135

cvelist1 nvd1 prion1