Lucene search

[email protected]NVD:CVE-2007-1234

HistoryMar 03, 2007 - 7:19 p.m.

CVE-2007-1234

2007-03-0319:19:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.006

Percentile

78.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in sitex allow remote attackers to inject arbitrary web script or HTML via (1) the sxYear parameter to calendar.php, (2) the search parameter to search.php, (3) the linkid parameter to redirect.php, or (4) the page parameter to calendar_events.php.

Affected configurations

Nvd

Node

bj_sintaysitexMatch0.7.3

VendorProductVersionCPE
bj_sintaysitex0.7.3cpe:2.3:a:bj_sintay:sitex:0.7.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bj_sintay	sitex	0.7.3	cpe:2.3:a:bj_sintay:sitex:0.7.3:::::::*

References

osvdb.org/33158

osvdb.org/33159

osvdb.org/33160

osvdb.org/33161

securityreason.com/securityalert/2373

www.securityfocus.com/archive/1/461305/100/0/threaded

www.securityfocus.com/archive/1/465849/100/200/threaded

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.006

Percentile

78.0%

JSON

Related for NVD:CVE-2007-1234

prion1 cvelist1 cve1 securityvulns1