nvd-json-data-feeds/CVE-2007/CVE-2007-27xx/CVE-2007-2702.json

{
  "id": "CVE-2007-2702",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2007-05-16T01:19:00.000",
  "lastModified": "2024-11-21T00:31:26.903",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en la aplicaci\u00f3n GroupSpace de BEA WebLogic Portal 9.2 GA permite a usuarios remotos autenticados inyectar secuencias de comandos (script) web o HTML de su elecci\u00f3n a trav\u00e9s de vectores sin especificar relacionados con el editor de texto enriquecido."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "baseScore": 3.5,
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "SINGLE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE"
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:oracle:weblogic_portal:9.2:ga:*:*:*:*:*:*",
              "matchCriteriaId": "B7182B23-E5D5-4913-A11E-8AF727BEE9CD"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://dev2dev.bea.com/pub/advisory/235",
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://osvdb.org/36066",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://secunia.com/advisories/25284",
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://www.securitytracker.com/id?1018060",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.vupen.com/english/advisories/2007/1815",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34283",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://dev2dev.bea.com/pub/advisory/235",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://osvdb.org/36066",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://secunia.com/advisories/25284",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://www.securitytracker.com/id?1018060",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://www.vupen.com/english/advisories/2007/1815",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34283",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    }
  ]
}