Lucene search

[email protected]NVD:CVE-2007-5059

HistorySep 24, 2007 - 10:17 p.m.

CVE-2007-5059

2007-09-2422:17:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.007

Percentile

80.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL allow remote attackers to inject arbitrary web script or HTML via several vectors, as demonstrated by the (1) uname and (2) pass parameters in a login form, and (3) an unspecified “url value,” leading to storage of XSS sequences in the database and display of these sequences in the alert section of the admin panel.

Affected configurations

Nvd

Node

greensqlgreensqlMatch0.2.2

VendorProductVersionCPE
greensqlgreensql0.2.2cpe:2.3:a:greensql:greensql:0.2.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
greensql	greensql	0.2.2	cpe:2.3:a:greensql:greensql:0.2.2:::::::*

References

www.greensql.net/security

www.osvdb.org/38165

www.osvdb.org/38166

www.securityfocus.com/archive/1/480278/100/0/threaded

www.securityfocus.com/bid/25767

exchange.xforce.ibmcloud.com/vulnerabilities/36749

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.007

Percentile

80.2%

JSON

Related for NVD:CVE-2007-5059

prion1 cvelist1 cve1