Lucene search

[email protected]NVD:CVE-2007-3685

HistoryJul 11, 2007 - 5:30 p.m.

CVE-2007-3685

2007-07-1117:30:00

[email protected]

web.nvd.nist.gov

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.007

Percentile

80.3%

JSON

Cross-site scripting (XSS) vulnerability in rpc.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

Affected configurations

Nvd

Node

masuga_designunobtrusive_ajax_star_rating_barRange≤1.1.9

VendorProductVersionCPE
masuga_designunobtrusive_ajax_star_rating_bar*cpe:2.3:a:masuga_design:unobtrusive_ajax_star_rating_bar:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
masuga_design	unobtrusive_ajax_star_rating_bar	*	cpe:2.3:a:masuga_design:unobtrusive_ajax_star_rating_bar::::::::

References

secunia.com/advisories/25985

www.cirt.net/advisories/unobtrusive_ajax_star_rating.shtml

www.osvdb.org/35935

www.securityfocus.com/bid/24840

exchange.xforce.ibmcloud.com/vulnerabilities/35326

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.007

Percentile

80.3%

JSON

Related for NVD:CVE-2007-3685

cve1 cvelist1 prion1