Lucene search

[email protected]CVE-2007-3328

HistoryJun 21, 2007 - 6:30 p.m.

CVE-2007-3328

2007-06-2118:30:00

[email protected]

web.nvd.nist.gov

cve-2007-3328

cross-site scripting

xss

interact 2.4 beta 1

security vulnerability

remote attack

web script injection

html injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.041 Low

EPSS

Percentile

92.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) module_key parameter to (a) kb/kb.php, (b) quiz/runquiz.php, © quiz/quiz.php, (d) forum/forum.php, (e) forum/byname.php, and (f) journal/journalview.php in modules/, and unspecified other scripts; the (2) tag_key parameter to modules/journal/journalview.php; the (3) user_group_key parameter to (g) users/secureaccounts.php; and (4) the request_uri parameter to (h) login.php.

Affected configurations

NVD

Node

interactinteractMatch2.4_beta_1

CPENameOperatorVersion
interact:interactinteracteq2.4_beta_1

CPE	Name	Operator	Version
interact:interact	interact	eq	2.4_beta_1

References

osvdb.org/36921

osvdb.org/36922

osvdb.org/36923

osvdb.org/36924

osvdb.org/36925

osvdb.org/36926

osvdb.org/36927

osvdb.org/36928

osvdb.org/36929

pridels-team.blogspot.com/2007/06/interact-multiple-xss-vuln.html

www.securityfocus.com/bid/24573

exchange.xforce.ibmcloud.com/vulnerabilities/34958

Social References

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.041 Low

EPSS

Percentile

92.2%

JSON

Related for CVE-2007-3328

cvelist2 prion2 nvd2 cve1