Lucene search

PRIOn knowledge basePRION:CVE-2007-4542

HistoryAug 27, 2007 - 9:17 p.m.

Cross site scripting

2007-08-2721:17:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.

CPENameOperatorVersion
mapserverle4.10.3

CPE	Name	Operator	Version
	mapserver	le	4.10.3

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=439346

mapserver.gis.umn.edu/download/current/HISTORY.TXT/

secunia.com/advisories/26561

secunia.com/advisories/26718

secunia.com/advisories/29688

trac.osgeo.org/mapserver/attachment/ticket/2256/ms-bug-2256-4.8.patch

trac.osgeo.org/mapserver/ticket/2256

www.debian.org/security/2008/dsa-1539

www.securityfocus.com/bid/25582

www.vupen.com/english/advisories/2007/2974

www.redhat.com/archives/fedora-package-announce/2007-September/msg00096.html