
{
"id": "CVE-2007-3137",
"sourceIdentifier": "cve@mitre.org",
"published": "2007-06-08T16:30:00.000",
"lastModified": "2025-04-09T00:30:58.490",
"vulnStatus": "Deferred",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sbl, (2) sbr, or (3) search parameter. NOTE: the original disclosure claims the pageid parameter in index.php is affected, but this is incorrect."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de tipo cross-site-scripting (XSS) en 4print.asp en WmsCMS versi\u00f3n 2.0 y anteriores permiten a los atacantes remotos inyectar scripts web o HTML arbitrarios por medio de los par\u00e1metros (1) sbl, (2) sbr o (3) search. NOTA: la divulgaci\u00f3n original afirma que el par\u00e1metro pageid en index.php se ve afectado, pero esto es incorrecto."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"baseScore": 4.3,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webmaster_solutions:wmscms:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16E1BD08-95E6-4CC2-BAC5-1FF9F1E1CAC0"
}
]
}
]
}
],
"references": [
{
"url": "http://osvdb.org/37144",
"source": "cve@mitre.org"
},
{
"url": "http://secunia.com/advisories/25583",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://securityreason.com/securityalert/2789",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/archive/1/470758/100/0/threaded",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/bid/24365",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34763",
"source": "cve@mitre.org"
},
{
"url": "http://osvdb.org/37144",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://secunia.com/advisories/25583",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://securityreason.com/securityalert/2789",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.securityfocus.com/archive/1/470758/100/0/threaded",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.securityfocus.com/bid/24365",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34763",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}