1. CVE-Search
  2. CVE-2007-2592
ID CVE-2007-2592
Summary Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files.
References
Vulnerable Configurations
  • cpe:2.3:a:nokia:groupwise_mobile_server:*:*:*:*:*:*:*:*
    cpe:2.3:a:nokia:groupwise_mobile_server:*:*:*:*:*:*:*:*
  • cpe:2.3:a:nokia:intellisync_mobile_suite:6.4.31.2:*:*:*:*:*:*:*
    cpe:2.3:a:nokia:intellisync_mobile_suite:6.4.31.2:*:*:*:*:*:*:*
  • cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.0.107:*:*:*:*:*:*:*
    cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.0.107:*:*:*:*:*:*:*
  • cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:nokia:intellisync_wireless_email_express:*:*:*:*:*:*:*:*
    cpe:2.3:a:nokia:intellisync_wireless_email_express:*:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 16-10-2018 - 16:44)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 23889
bugtraq 20070509 SEC Consult SA-20070509-0 :: Multiple vulnerabilites in Nokia Intellisync Mobile Suite & Wireless Email Express
confirm http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html
misc http://www.sec-consult.com/289.html
osvdb
  • 34515
  • 34516
  • 34517
sectrack 1018454
secunia
  • 25212
  • 26199
sreason 2689
vupen
  • ADV-2007-1727
  • ADV-2007-2657
xf nokia-multiple-scripts-xss(34187)
Last major update 16-10-2018 - 16:44
Published 11-05-2007 - 04:20
Last modified 16-10-2018 - 16:44
Back to Top