{ "id": "CVE-2007-1176", "sourceIdentifier": "cve@mitre.org", "published": "2007-03-02T21:18:00.000", "lastModified": "2017-07-29T01:30:40.157", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0.9.9.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) Gallery Comments pages, (2) Feedback pages, (3) Search Results pages, and (4) the Statistics Log viewer." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en WebAPP anterior a 0.9.9.5 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante vectores no especificados relacionados con (1) p\u00e1ginas de comentarios de galer\u00edas (Gallery Comments), (2) p\u00e1ginas de realimentaci\u00f3n (Feedback), (3) p\u00e1ginas de resultados de b\u00fasqueda (Search Results), y (4) el visor del log de estad\u00edsticas (Statistics Log)."
} ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 4.3 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:web-app.org:webapp:*:*:*:*:*:*:*:*", "versionEndIncluding": "0.9.9.4", "matchCriteriaId": "4053C685-A96A-43B3-8D78-E185AD837B5D" } ] } ] } ], "references": [ { "url": "http://osvdb.org/33276", "source": "cve@mitre.org" }, { "url": "http://osvdb.org/33288", "source": "cve@mitre.org" }, { "url": "http://osvdb.org/33289", "source": "cve@mitre.org" }, { "url": "http://osvdb.org/33290", "source": "cve@mitre.org" }, { "url": "http://secunia.com/advisories/24080", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/bid/22563", "source": "cve@mitre.org" }, { "url": "http://www.vupen.com/english/advisories/2007/0604", "source": "cve@mitre.org" }, { "url": "http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250", "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32498", "source": "cve@mitre.org" }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32499", "source": "cve@mitre.org" }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32526", "source": "cve@mitre.org" } ] }