admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2007/CVE-2007-54xx/CVE-2007-5403.json
cad-safe-bot 9d8babeec3 Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00

114 lines
4.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2007-5403",
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"published": "2008-01-09T21:46:00.000",
"lastModified": "2017-07-29T01:33:39.723",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox 3.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Forename, (2) Surname, (3) Telephone, and (4) Fax fields to writeenduserenduser.asp; the (5) Filter field to statsrequestypereport.asp; and the (6) sys_request_id parameter to requestattach.asp; and allow remote authenticated users to inject arbitrary web script or HTML via the (7) Asset, (8) Location, and (9) Problem fields to editrequestenduser.asp; the (10) Asset, (11) Asset Location, (12) Problem Desc, and (13) Solution Desc fields to editrequestuser.asp; and the (14) End User and (15) Description fields to usersearchrequests.asp. NOTE: vectors 5 and 6 do not require authentication to exploit."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Layton HelpBox 3.7.1 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a trav\u00e9s de los campos (1) Forename, (2) Surname, (3) Telephone, y (4) Fax de writeenduserenduser.asp; el campo (5) Filter de statsrequestypereport.asp; y el par\u00e1metro (6) sys_request_id de requestattach.asp;y permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de los campos (7) Asset, (8) Location, y (9) Problem de editrequestenduser.asp;los campos (10) Asset, (11) Asset Location, (12) Problem Desc, y (13) Solution Desc de editrequestuser.asp; y los campos (14) End User y (15) Description de usersearchrequests.asp. NOTA: los vectores 5 y 6 no requieren autenticaci\u00f3n para ser explotados."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 3.5
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:layton_technology:helpbox:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C49D31B3-8A03-40BF-91A9-708D62FCD0D8"
}
]
}
]
}
],
"references": [
{
"url": "http://secunia.com/advisories/27699",
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/secunia_research/2007-94/advisory/",
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/27187",
"source": "PSIRT-CNA@flexerasoftware.com"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39537",
"source": "PSIRT-CNA@flexerasoftware.com"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39540",
"source": "PSIRT-CNA@flexerasoftware.com"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39541",
"source": "PSIRT-CNA@flexerasoftware.com"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39542",
"source": "PSIRT-CNA@flexerasoftware.com"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39543",
"source": "PSIRT-CNA@flexerasoftware.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink