Lucene search

[email protected]CVE-2007-5127

HistorySep 27, 2007 - 7:17 p.m.

CVE-2007-5127

2007-09-2719:17:00

CWE-79

[email protected]

web.nvd.nist.gov

cve

2007

5127

xss

vulnerabilities

simpgb

web script

html

admin

emoticonlist

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in SimpGB 1.46.02 allow remote attackers to inject arbitrary web script or HTML via (1) the l_username parameter to the default URI under admin/ or (2) the l_emoticonlist parameter to admin/emoticonlist.php.

Affected configurations

NVD

Node

simpgbsimpgbMatch1.46.02

CPENameOperatorVersion
simpgb:simpgbsimpgbeq1.46.02

CPE	Name	Operator	Version
simpgb:simpgb	simpgb	eq	1.46.02

References

forum.boesch-it.de/viewtopic.php?t=2790

secunia.com/advisories/26974

securityreason.com/securityalert/3171

www.netvigilance.com/advisory0067

www.securityfocus.com/archive/1/480596/100/0/threaded

www.securityfocus.com/bid/25808

exchange.xforce.ibmcloud.com/vulnerabilities/36773

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.9%

JSON

Related for CVE-2007-5127

prion1 nvd1 cvelist1