Lucene search

MitreCVE-2007-3498

HistoryJun 29, 2007 - 6:30 p.m.

CVE-2007-3498

2007-06-2918:30:00

mitre

web.nvd.nist.gov

cve-2007-3498

xss

smoketests

configform.php

html purifier

security vulnerability

web script

html purification

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

67.8%

JSON

Cross-site scripting (XSS) vulnerability in smoketests/configForm.php in HTML Purifier before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to “unescaped print_r output.”

Affected configurations

Nvd

Node

htmlpurifierhtmlpurifierMatch2.0.0

VendorProductVersionCPE
htmlpurifierhtmlpurifier2.0.0cpe:2.3:a:htmlpurifier:htmlpurifier:2.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
htmlpurifier	htmlpurifier	2.0.0	cpe:2.3:a:htmlpurifier:htmlpurifier:2.0.0:::::::*

References

htmlpurifier.org/svnroot/htmlpurifier/tags/2.0.1/NEWS

osvdb.org/36722

www.securityfocus.com/bid/24699

exchange.xforce.ibmcloud.com/vulnerabilities/35300

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

67.8%

JSON

Related for CVE-2007-3498