Lucene search

MitreCVE-2007-5426

HistoryOct 12, 2007 - 11:17 p.m.

CVE-2007-5426

2007-10-1223:17:00

CWE-79

mitre

web.nvd.nist.gov

cve-2007-5426

cross-site scripting

xss

vulnerability

activekb nx 2.5.4

remote attackers

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.01

Percentile

83.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in ActiveKB NX 2.5.4 allow remote attackers to inject arbitrary web script or HTML via the page parameter to the default URI for some directories, as demonstrated by (1) ActiveKB/ and (2) default/categories/ActiveKB/.

Affected configurations

Nvd

Node

interspireactivekb_nxMatch2.5.4

VendorProductVersionCPE
interspireactivekb_nx2.5.4cpe:2.3:a:interspire:activekb_nx:2.5.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
interspire	activekb_nx	2.5.4	cpe:2.3:a:interspire:activekb_nx:2.5.4:::::::*

References

osvdb.org/37661

secunia.com/advisories/27194

securityreason.com/securityalert/3216

securityvulns.ru/Rdocument956.html

www.securityfocus.com/archive/1/482006/100/0/threaded

www.securityfocus.com/bid/26027

exchange.xforce.ibmcloud.com/vulnerabilities/37066

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.01

Percentile

83.9%

JSON

Related for CVE-2007-5426