Lucene search

[email protected]CVE-2007-3708

HistoryJul 11, 2007 - 11:30 p.m.

CVE-2007-3708

2007-07-1123:30:00

[email protected]

web.nvd.nist.gov

cve-2007-3708

xss vulnerability

codeigniter

web security

nvd

remote attack

html injection

web script

xss_clean.

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.7%

JSON

Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before 20070626 allows remote attackers to inject arbitrary web script or HTML via (1) String.fromCharCode and (2) malformed nested tag manipulations in an unspecified component, related to insufficient sanitization by the xss_clean function.

Affected configurations

NVD

Node

codeignitercodeigniterMatch1.5.3

CPENameOperatorVersion
codeigniter:codeignitercodeignitereq1.5.3

CPE	Name	Operator	Version
codeigniter:codeigniter	codeigniter	eq	1.5.3

References

lists.grok.org.uk/pipermail/full-disclosure/2007-July/064500.html

osvdb.org/37907

secunia.com/advisories/25991

securityreason.com/securityalert/2877

www.securityfocus.com/archive/1/473190/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/35350

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.7%

JSON

Related for CVE-2007-3708

cvelist1 prion1 nvd1