Lucene search

[email protected]NVD:CVE-2007-6002

HistoryNov 15, 2007 - 10:46 p.m.

CVE-2007-6002

2007-11-1522:46:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.005

Percentile

76.8%

JSON

Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir 2.5.17 R2 and earlier and (2) Grani 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field in a search for additions to the Favorites section.

Affected configurations

Nvd

Node

fenrirgraniRange≤3.0

fenrirsleipnirRange≤2.5.17r2

VendorProductVersionCPE
fenrirgrani*cpe:2.3:a:fenrir:grani:*:*:*:*:*:*:*:*
fenrirsleipnir*cpe:2.3:a:fenrir:sleipnir:*:r2:*:*:*:*:*:*

Vendor	Product	Version	CPE
fenrir	grani	*	cpe:2.3:a:fenrir:grani::::::::
fenrir	sleipnir	*	cpe:2.3:a:fenrir:sleipnir::r2::::::*

References

jvn.jp/jp/JVN%2365427327/index.html

osvdb.org/38875

osvdb.org/38876

secunia.com/advisories/27655

secunia.com/advisories/27675

www.fenrir.co.jp/grani/note.html

www.fenrir.co.jp/sleipnir/note.html

www.securityfocus.com/bid/26418

exchange.xforce.ibmcloud.com/vulnerabilities/38441

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.005

Percentile

76.8%

JSON

Related for NVD:CVE-2007-6002

cve2 prion2 cvelist2 nvd1