Lucene search

[email protected]NVD:CVE-2007-3137

HistoryJun 08, 2007 - 4:30 p.m.

CVE-2007-3137

2007-06-0816:30:00

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sbl, (2) sbr, or (3) search parameter. NOTE: the original disclosure claims the pageid parameter in index.php is affected, but this is incorrect.

Affected configurations

NVD

Node

webmaster_solutionswmscmsMatch2.0

References

osvdb.org/37144

secunia.com/advisories/25583

securityreason.com/securityalert/2789

www.securityfocus.com/archive/1/470758/100/0/threaded

www.securityfocus.com/bid/24365

exchange.xforce.ibmcloud.com/vulnerabilities/34763

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.7%

JSON

Related for NVD:CVE-2007-3137

prion2 cvelist2 cve2 nvd1