Lucene search

[email protected]NVD:CVE-2007-5948

HistoryNov 14, 2007 - 1:46 a.m.

CVE-2007-5948

2007-11-1401:46:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.006

Percentile

79.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in main.php in SF-Shoutbox 1.2.1 through 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) nick (aka Name) and (2) shout (aka Shout) parameters.

Affected configurations

Nvd

Node

script-funsf-shoutboxMatch1.2.1

script-funsf-shoutboxMatch1.4

VendorProductVersionCPE
script-funsf-shoutbox1.2.1cpe:2.3:a:script-fun:sf-shoutbox:1.2.1:*:*:*:*:*:*:*
script-funsf-shoutbox1.4cpe:2.3:a:script-fun:sf-shoutbox:1.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
script-fun	sf-shoutbox	1.2.1	cpe:2.3:a:script-fun:sf-shoutbox:1.2.1:::::::*
script-fun	sf-shoutbox	1.4	cpe:2.3:a:script-fun:sf-shoutbox:1.4:::::::*

References

osvdb.org/38401

secunia.com/advisories/27487

www.securityfocus.com/bid/26320

www.smash-the-stack.net/articles/SF-Shoutbox_Injection_Advisory.txt

www.vupen.com/english/advisories/2007/3722

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.006

Percentile

79.3%

JSON

Related for NVD:CVE-2007-5948

prion1 cve1 cvelist1