1. CVE-Search
  2. CVE-2007-3577
ID CVE-2007-3577
Summary PHPIDS before 20070703 does not properly handle use of the substr method in (1) document.location.search and (2) document.referrer; (3) certain use of document.location.hash; (4) certain "window[eval" and similar expressions; (5) certain Function expressions; (6) certain '=' expressions, as demonstrated by a 'whatever="something"' sequence; and (7) certain "with" expressions, which allows remote attackers to inject arbitrary web script.
References
Vulnerable Configurations
  • cpe:2.3:a:phpids:phpids:*:*:*:*:*:*:*:*
    cpe:2.3:a:phpids:phpids:*:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 29-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
confirm http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0
misc http://sla.ckers.org/forum/read.php?2,13209,13218
osvdb 45759
xf phpids-multiple-xss(35489)
Last major update 29-07-2017 - 01:32
Published 05-07-2007 - 20:30
Last modified 29-07-2017 - 01:32
Back to Top