Cross site scripting

2007-06-2617:30:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.6%

JSON

Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus (KF) web server 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the opsubmenu parameter.

CPENameOperatorVersion
kf_web_servereq3.1.0

CPE	Name	Operator	Version
	kf_web_server	eq	3.1.0

References

osvdb.org/36331

secunia.com/advisories/25828

securityreason.com/securityalert/2840

www.keyfocus.net/kfws/support/index.php

www.securityfocus.com/archive/1/472195/100/0/threaded

www.securityfocus.com/archive/1/472273/100/0/threaded

www.securityfocus.com/bid/24623

www.vupen.com/english/advisories/2007/2331

exchange.xforce.ibmcloud.com/vulnerabilities/35042