Lucene search

MitreCVE-2007-3281

HistoryJun 19, 2007 - 9:30 p.m.

CVE-2007-3281

2007-06-1921:30:00

mitre

web.nvd.nist.gov

cve-2007-3281

xss

vulnerability

php hosting biller 1.0

web script

html

remote attackers

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.01

Percentile

83.8%

JSON

Cross-site scripting (XSS) vulnerability in index.php in Php Hosting Biller 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Affected configurations

Nvd

Node

php_hosting_billerphp_hosting_billerMatch1.0

VendorProductVersionCPE
php_hosting_billerphp_hosting_biller1.0cpe:2.3:a:php_hosting_biller:php_hosting_biller:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
php_hosting_biller	php_hosting_biller	1.0	cpe:2.3:a:php_hosting_biller:php_hosting_biller:1.0:::::::*

References

osvdb.org/36374

secunia.com/advisories/25681

securityreason.com/securityalert/2811

www.securityfocus.com/archive/1/471642/100/0/threaded

www.securityfocus.com/bid/24517

www.vupen.com/english/advisories/2007/2248

exchange.xforce.ibmcloud.com/vulnerabilities/34941

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.01

Percentile

83.8%

JSON

Related for CVE-2007-3281