CVE-2007-2808

Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://osvdb.org/36224
http://pridels-team.blogspot.com/2007/05/blog-post.html
http://secunia.com/advisories/25333	Vendor Advisory
http://secunia.com/advisories/28743
http://www.debian.org/security/2008/dsa-1486
http://www.securityfocus.com/bid/24081
http://www.vupen.com/english/advisories/2007/1886
https://exchange.xforce.ibmcloud.com/vulnerabilities/34392

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnu:gnats:4.1.99:::::::*
	cpe:2.3:a:yngve_svendsen:gnatsweb:4.00:::::::*

History

No history.

Information

Published : 2007-05-22 19:30

Updated : 2017-07-29 01:31

NVD link : CVE-2007-2808

Mitre link : CVE-2007-2808

CVE.ORG link : CVE-2007-2808

JSON object : View

Products Affected

yngve_svendsen

gnatsweb

gnu

gnats

CWE

NVD-CWE-Other

{"id": "CVE-2007-2808", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-05-22T19:30:00.000", "references": [{"url": "http://osvdb.org/36224", "source": "cve@mitre.org"}, {"url": "http://pridels-team.blogspot.com/2007/05/blog-post.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25333", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28743", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2008/dsa-1486", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24081", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/1886", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34392", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en gnatsweb.pl en Gnatsweb 4.00 y Gnats 4.1.99 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro database."}], "lastModified": "2017-07-29T01:31:44.737", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:gnats:4.1.99:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5391A734-610A-4092-8D11-FB1CFA4C8144"}, {"criteria": "cpe:2.3:a:yngve_svendsen:gnatsweb:4.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB4B484D-B643-4B67-BB1E-A7C049420A54"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}