CVE-2007-0969 - Multiple cross-site scripting (XSS) vulnerabilities in WebTester 5.0.20060927 and earlier allow remo

CVE-2007-0969

Summary

Multiple cross-site scripting (XSS) vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to POST parameters to multiple files.

References

http://osvdb.org/33202
http://secunia.com/advisories/24157
http://securityreason.com/securityalert/2261
http://www.securityfocus.com/archive/1/460078/100/0/threaded
http://www.securityfocus.com/bid/22559
http://www.vupen.com/english/advisories/2007/0633
https://exchange.xforce.ibmcloud.com/vulnerabilities/32492

Vulnerable Configurations

cpe:2.3:a:webtester:webtester:*:*:*:*:*:*:*:*
cpe:2.3:a:webtester:webtester:*:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 16-10-2018 - 16:35)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	22559
bugtraq	20070214 WebTester 5.0.2 sql injection and XSS vulnerabilities
osvdb	33202
secunia	24157
sreason	2261
vupen	ADV-2007-0633
xf	webtester-post-xss(32492)

Last major update

16-10-2018 - 16:35

Published

16-02-2007 - 01:28

Last modified

16-10-2018 - 16:35