CVE-2007-3189 - Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFN

CVE-2007-3189

Summary

Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter.

References

http://marc.info/?l=full-disclosure&m=118151087109711&w=2
http://secunia.com/advisories/25587
http://secunia.com/advisories/26769
http://www.debian.org/security/2007/dsa-1374
http://www.securityfocus.com/archive/1/471039/100/0/threaded
http://www.securityfocus.com/bid/24414

Vulnerable Configurations

cpe:2.3:a:jffnms:just_for_fun_network_management_system:0.8.3:*:*:*:*:*:*:*
cpe:2.3:a:jffnms:just_for_fun_network_management_system:0.8.3:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 16-10-2018 - 16:47)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	24414
bugtraq	20070610 Serious holes affecting JFFNMS
debian	DSA-1374
fulldisc	20070610 Serious holes affecting JFFNMS
secunia	25587 26769

Last major update

16-10-2018 - 16:47

Published

12-06-2007 - 23:30

Last modified

16-10-2018 - 16:47