Lucene search

[email protected]NVD:CVE-2007-3559

HistoryJul 04, 2007 - 4:30 p.m.

CVE-2007-3559

2007-07-0416:30:00

[email protected]

web.nvd.nist.gov

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.3

Confidence

High

EPSS

0.003

Percentile

67.9%

JSON

Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant.

Affected configurations

Nvd

Node

php-fusionphp-fusionMatch6.01.9

php-fusionphp-fusionMatch6.01.10

VendorProductVersionCPE
php-fusionphp-fusion6.01.9cpe:2.3:a:php-fusion:php-fusion:6.01.9:*:*:*:*:*:*:*
php-fusionphp-fusion6.01.10cpe:2.3:a:php-fusion:php-fusion:6.01.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
php-fusion	php-fusion	6.01.9	cpe:2.3:a:php-fusion:php-fusion:6.01.9:::::::*
php-fusion	php-fusion	6.01.10	cpe:2.3:a:php-fusion:php-fusion:6.01.10:::::::*

References

osvdb.org/36342

secunia.com/advisories/25907

www.securityfocus.com/bid/24733

www.xssed.com/advisory/60/PHP-FUSION_FUSION_QUERY_Cross-Site_Scripting_Vulnerability/

exchange.xforce.ibmcloud.com/vulnerabilities/35225

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.3

Confidence

High

EPSS

0.003

Percentile

67.9%

JSON

Related for NVD:CVE-2007-3559

cvelist1 cve1 prion1