Lucene search

[email protected]NVD:CVE-2007-5727

HistoryOct 30, 2007 - 9:46 p.m.

CVE-2007-5727

2007-10-3021:46:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.3

Confidence

High

EPSS

0.007

Percentile

80.2%

JSON

Incomplete blacklist vulnerability in the stripScripts function in common.php in OneOrZero Helpdesk 1.6.5.4, 1.6.4.2, and possibly other versions, allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary web script or HTML via XSS sequences without SCRIPT tags in the description parameter to (1) tcreate.php or (2) tupdate.php, as demonstrated using an onmouseover event in a b tag.

Affected configurations

Nvd

Node

oneorzerooneorzero_helpdeskMatch1.6.4.2

oneorzerooneorzero_helpdeskMatch1.6.5.4

VendorProductVersionCPE
oneorzerooneorzero_helpdesk1.6.4.2cpe:2.3:a:oneorzero:oneorzero_helpdesk:1.6.4.2:*:*:*:*:*:*:*
oneorzerooneorzero_helpdesk1.6.5.4cpe:2.3:a:oneorzero:oneorzero_helpdesk:1.6.5.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oneorzero	oneorzero_helpdesk	1.6.4.2	cpe:2.3:a:oneorzero:oneorzero_helpdesk:1.6.4.2:::::::*
oneorzero	oneorzero_helpdesk	1.6.5.4	cpe:2.3:a:oneorzero:oneorzero_helpdesk:1.6.5.4:::::::*

References

osvdb.org/38215

osvdb.org/38836

secunia.com/advisories/27415

securityreason.com/securityalert/3320

www.securityfocus.com/archive/1/482790/100/0/threaded

www.securityfocus.com/bid/26208

www.securityfocus.com/bid/26217

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.3

Confidence

High

EPSS

0.007

Percentile

80.2%

JSON

Related for NVD:CVE-2007-5727

cvelist1 prion1 cve1