1. CVE-Search
  2. CVE-2007-0939
ID CVE-2007-0939
Summary Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:content_management_server:2001:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:content_management_server:2001:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:content_management_server:2002:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:content_management_server:2002:sp2:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 16-10-2018 - 16:35)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
oval via4
accepted 2015-08-10T04:00:20.657-04:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Josh Turpin
    organization Symantec Corporation
  • name Maria Mikhno
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Content Management Server 2001 is installed
    oval oval:org.mitre.oval:def:29083
  • comment Microsoft Content Management Server 2001 Service Pack 1 is installed
    oval oval:org.mitre.oval:def:1631
  • comment Microsoft Content Management Server 2002 is installed
    oval oval:org.mitre.oval:def:29122
  • comment Microsoft Content Management Server 2002 Service Pack 2 is installed
    oval oval:org.mitre.oval:def:1937
description Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."
family windows
id oval:org.mitre.oval:def:1575
status accepted
submitted 2007-04-11T08:08:51
title CMS Cross-Site Scripting and Spoofing Vulnerability
version 13
refmap via4
bid 22860
hp
  • HPSBST02208
  • SSRT071365
osvdb 34007
sectrack 1017894
secunia 24819
vupen ADV-2007-1322
Last major update 16-10-2018 - 16:35
Published 10-04-2007 - 21:19
Last modified 16-10-2018 - 16:35
Back to Top