CVE-2007-1939

{"id": "CVE-2007-1939", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-04-10T23:19:00.000", "references": [{"url": "http://www.danielnaber.de/languagetool/download/CHANGES.txt", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/1759", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the embedded webserver in Daniel Naber LanguageTool before 0.8.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message, possibly the demultiplex method in HTTPServer.java."}, {"lang": "es", "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en el servidor web integrado en Daniel Naber LanguageTool versiones anteriores a 0.8.9, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados que involucra un mensaje de error, posiblemente el m\u00e9todo demultiplex en el archivo HTTPServer.java."}], "lastModified": "2011-03-08T02:53:14.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:daniel_naber:languagetool:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "369356DA-9C4C-4E38-A1F3-816B72732F26", "versionEndIncluding": "0.8.8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}