Lucene search

MitreCVE-2007-5370

HistoryOct 11, 2007 - 10:17 a.m.

CVE-2007-5370

2007-10-1110:17:00

CWE-79

mitre

web.nvd.nist.gov

xss

vulnerabilities

netwin

dnewsweb

dnews news server

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.008

Percentile

81.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/dnewsweb.exe in NetWin DNewsWeb (DNews News Server) 57e1 allow remote attackers to inject arbitrary web script or HTML via the (1) group or (2) utag parameter.

Affected configurations

Nvd

Node

netwindnewswebMatch57e1

VendorProductVersionCPE
netwindnewsweb57e1cpe:2.3:a:netwin:dnewsweb:57e1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netwin	dnewsweb	57e1	cpe:2.3:a:netwin:dnewsweb:57e1:::::::*

References

osvdb.org/37651

secunia.com/advisories/27163

securityreason.com/securityalert/3208

www.securityfocus.com/archive/1/481865/100/0/threaded

www.securityfocus.com/bid/25981

www.vupen.com/english/advisories/2007/3452

exchange.xforce.ibmcloud.com/vulnerabilities/37031

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.008

Percentile

81.7%

JSON

Related for CVE-2007-5370