Lucene search

[email protected]NVD:CVE-2007-3324

HistoryJun 21, 2007 - 6:30 p.m.

CVE-2007-3324

2007-06-2118:30:00

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.005

Percentile

76.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 7.07 allow remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter to (1) comersus_customerAuthenticateForm.asp or (2) comersus_message.asp, different vectors than CVE-2004-0681.

Affected configurations

Nvd

Node

comersus_open_technologiescomersus_cartMatch7.07

VendorProductVersionCPE
comersus_open_technologiescomersus_cart7.07cpe:2.3:a:comersus_open_technologies:comersus_cart:7.07:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
comersus_open_technologies	comersus_cart	7.07	cpe:2.3:a:comersus_open_technologies:comersus_cart:7.07:::::::*

References

osvdb.org/36153

osvdb.org/36154

securityreason.com/securityalert/2819

www.securityfocus.com/archive/1/471837/100/0/threaded

www.securityfocus.com/bid/24562

exchange.xforce.ibmcloud.com/vulnerabilities/34954

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.005

Percentile

76.2%

JSON

Related for NVD:CVE-2007-3324

prion1 cvelist2 cve2 nvd1 exploitdb3 nessus1 openvas2