Lucene search

MitreCVE-2007-6560

HistoryDec 28, 2007 - 12:46 a.m.

CVE-2007-6560

2007-12-2800:46:00

CWE-79

mitre

web.nvd.nist.gov

logaholic

xss

vulnerabilities

web script

html

security

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.009

Percentile

83.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to inject arbitrary web script or HTML via (1) the newconfname parameter to profiles.php or (2) the conf parameter to index.php.

Affected configurations

Nvd

Node

logaholiclogaholicMatch0

VendorProductVersionCPE
logaholiclogaholic0cpe:2.3:a:logaholic:logaholic:0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
logaholic	logaholic	0	cpe:2.3:a:logaholic:logaholic:0:::::::*

References

osvdb.org/39792

osvdb.org/39793

secunia.com/advisories/28263

securityreason.com/securityalert/3496

www.securityfocus.com/archive/1/485480/100/0/threaded

www.securityfocus.com/archive/1/490101/100/0/threaded

www.securityfocus.com/bid/27003

exchange.xforce.ibmcloud.com/vulnerabilities/39223

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.009

Percentile

83.1%

JSON

Related for CVE-2007-6560