History: Jun 26, 2007 - 5:30 p.m.

CVE-2007-3182

2007-06-26 17:30:00
mitre
web.nvd.nist.gov
25
cve-2007-3182
cross-site scripting
xss
calendarix 0.7.20070307
web script injection
html injection
remote attack

CVSS2: 4.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score: 5.8
Confidence: High

EPSS: 0.013
Percentile: 85.9%

Multiple cross-site scripting (XSS) vulnerabilities in Calendarix 0.7.20070307, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) month parameters to calendar.php, and the (3) leftfooter parameter to cal_footer.inc.php. NOTE: the ycyear parameter to yearcal.php is already covered by CVE-2006-1835.

Affected configurations

Nvd
Node: vincent_hor calendarix, Match 0.7.2007-03-07

Vendor: vincent_hor
Product: calendarix
Version: 0.7.2007-03-07
CPE: cpe:2.3:a:vincent_hor:calendarix:0.7.2007-03-07:*:*:*:*:*:*:*
