Veracode Vulnerability DatabaseVERACODE:23015

HistoryApr 10, 2020 - 12:12 a.m.

Cross-site Scripting (XSS)

2020-04-1000:12:29

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

conga is vulnerable to cross-site scripting. The vulnerability exists as it uses Zope packages which was vulnerable to script injection.

CPENameOperatorVersion
congaeq0.8__30.el5
congaeq0.8__30.el5

CPE	Name	Operator	Version
	conga	eq	0.8__30.el5
	conga	eq	0.8__30.el5

References

lists.suse.com/archive/suse-security-announce/2007-May/0005.html

secunia.com/advisories/24017

secunia.com/advisories/24713

secunia.com/advisories/25239

www.debian.org/security/2007/dsa-1275

www.securityfocus.com/bid/23084

www.vupen.com/english/advisories/2007/1041

www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement/view

access.redhat.com/errata/RHBA-2007:0331

exchange.xforce.ibmcloud.com/vulnerabilities/33187

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Related for VERACODE:23015