Lucene search

PRIOn knowledge basePRION:CVE-2007-0407

HistoryJan 23, 2007 - 12:28 a.m.

Cross site scripting

2007-01-2300:28:00

PRIOn knowledge base

www.prio-n.com

5.9 Medium

AI Score

Confidence

High

0.022 Low

EPSS

Percentile

89.4%

JSON

Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain Black WebGUI before 7.3.5 (beta) allows remote attackers to inject arbitrary web script or HTML via the username parameter during anonymous registration, a different vector than CVE-2007-0308. NOTE: it is possible that a separate “WikiPage titles” issue was also fixed.

CPENameOperatorVersion
webguieq6.8.1
webguieq6.7.3
webguieq6.6.2
webguieq6.5.0
webguieq6.6.0
webguieq6.6.5
webguieq6.7.2
webguieq6.5.4
webguieq6.7.4
webguieq6.8.3

Name	Operator	Version
webgui	eq	6.8.1
webgui	eq	6.7.3
webgui	eq	6.6.2
webgui	eq	6.5.0
webgui	eq	6.6.0
webgui	eq	6.6.5
webgui	eq	6.7.2
webgui	eq	6.5.4
webgui	eq	6.7.4
webgui	eq	6.8.3

Rows per page:

1-10 of 301

References

osvdb.org/32928

secunia.com/advisories/23754

www.plainblack.com/bugs/tracker/security-update-cross-site-scripting-vulnerability

www.plainblack.com/downloads/builds/7.3.5-beta/WebGUI/docs/changelog/7.x.x.txt

www.securityfocus.com/bid/22114

www.vupen.com/english/advisories/2007/0242

exchange.xforce.ibmcloud.com/vulnerabilities/31573