Lucene search

MitreCVE-2007-6270

HistoryDec 07, 2007 - 11:46 a.m.

CVE-2007-6270

2007-12-0711:46:00

CWE-79

mitre

web.nvd.nist.gov

xss

cross-site scripting

absolute news manager.net 5.1

web security

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.006

Percentile

79.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) rmore parameter to xlaabsolutenm.aspx and the (2) template parameter to pages/default.aspx.

Affected configurations

Nvd

Node

xiglaabsolute_news_manager.netMatch5.1

VendorProductVersionCPE
xiglaabsolute_news_manager.net5.1cpe:2.3:a:xigla:absolute_news_manager.net:5.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
xigla	absolute_news_manager.net	5.1	cpe:2.3:a:xigla:absolute_news_manager.net:5.1:::::::*

References

marc.info/?l=bugtraq&m=119678724111351&w=2

osvdb.org/40577

osvdb.org/40578

secunia.com/advisories/27923

www.procheckup.com/Vulnerability_PR07-39.php

www.securityfocus.com/bid/26692

www.xigla.com/news/default.aspx

exchange.xforce.ibmcloud.com/vulnerabilities/38872

exchange.xforce.ibmcloud.com/vulnerabilities/38873

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.006

Percentile

79.7%

JSON

Related for CVE-2007-6270