Lucene search

[email protected]NVD:CVE-2007-1679

HistoryMar 26, 2007 - 11:19 p.m.

CVE-2007-1679

2007-03-2623:19:00

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

4.9

Confidence

High

EPSS

0.007

Percentile

80.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor, noting that the search.php issue was resolved in CVE-2006-4255, and attackers can only use rule.php to inject XSS into their own pages

Affected configurations

Nvd

Node

hordegroupwareMatch1.0

VendorProductVersionCPE
hordegroupware1.0cpe:2.3:a:horde:groupware:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
horde	groupware	1.0	cpe:2.3:a:horde:groupware:1.0:::::::*

References

securityreason.com/securityalert/2487

www.securityfocus.com/archive/1/463819/100/0/threaded

www.securityfocus.com/archive/1/463911/100/0/threaded

www.securityfocus.com/bid/23136

exchange.xforce.ibmcloud.com/vulnerabilities/33228

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

4.9

Confidence

High

EPSS

0.007

Percentile

80.2%

JSON

Related for NVD:CVE-2007-1679

prion1 cve2 ubuntucve2 cvelist2 nvd1 nessus1 securityvulns1