Lucene search

PRIOn knowledge basePRION:CVE-2007-1177

HistoryMar 02, 2007 - 9:18 p.m.

Cross site scripting

2007-03-0221:18:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

69.6%

JSON

WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to (1) the query string, (2) Profiles, (3) the Forum Post icon field, (4) the Edit Profile, and (5) the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting (XSS).

CPENameOperatorVersion
webappeq0.9.9.3
webappeq0.9.9.3.2
webappeq0.9.9.2.1
webappeq0.9.9.2
webappeq0.9.9.1
webappeq0.9.9
webappeq0.9.9.3.1
webappeq0.9.9.4

Name	Operator	Version
webapp	eq	0.9.9.3
webapp	eq	0.9.9.3.2
webapp	eq	0.9.9.2.1
webapp	eq	0.9.9.2
webapp	eq	0.9.9.1
webapp	eq	0.9.9
webapp	eq	0.9.9.3.1
webapp	eq	0.9.9.4

References

osvdb.org/33277

osvdb.org/33283

osvdb.org/33286

osvdb.org/33287

secunia.com/advisories/24080

www.securityfocus.com/bid/22563

www.vupen.com/english/advisories/2007/0604

www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250

6.6 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

69.6%

JSON

Related for PRION:CVE-2007-1177