Lucene search

[email protected]CVE-2007-6659

HistoryJan 04, 2008 - 11:46 a.m.

CVE-2007-6659

2008-01-0411:46:00

CWE-79

[email protected]

web.nvd.nist.gov

cve

2z project

xss

vulnerability

web script

html

remote attack

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in 2z project 0.9.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) contentshort or (2) contentfull parameter in an addnews action to the default URI; (3) the content parameter in a pm write action to 2z/admin.php; (4) the referer parameter to templates/default/usermenu.tpl, accessed through index.php; or the (5) newavatar or (6) newphoto parameter in a profile action to the default URI under 2z/.

Affected configurations

NVD

Node

2z_project2z_projectMatch0.9.6.1

CPENameOperatorVersion
2z_project:2z_project2z projecteq0.9.6.1

CPE	Name	Operator	Version
2z_project:2z_project	2z project	eq	0.9.6.1

References

2z-project.ru/forum/viewtopic.php?pid=8309

secunia.com/advisories/28244

securityreason.com/securityalert/3514

www.securityfocus.com/archive/1/485590/100/0/threaded

www.securityfocus.com/bid/27057

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.3%

JSON

Related for CVE-2007-6659

cvelist1 prion1 nvd1