CVE-2007-3708 - Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before 20070626 allows remote attacker

CVE-2007-3708

Summary

Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before 20070626 allows remote attackers to inject arbitrary web script or HTML via (1) String.fromCharCode and (2) malformed nested tag manipulations in an unspecified component, related to insufficient sanitization by the xss_clean function.

References

Vulnerable Configurations

cpe:2.3:a:codeigniter:codeigniter:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:codeigniter:codeigniter:1.5.3:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 15-10-2018 - 21:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bugtraq	20070708 CodeIgniter 1.5.3 vulnerabilities
fulldisc	20070709 CodeIgniter 1.5.3 vulnerabilities
osvdb	37907
secunia	25991
sreason	2877
xf	codeigniter-xssclean-xss(35350)

Last major update

15-10-2018 - 21:29

Published

11-07-2007 - 23:30

Last modified

15-10-2018 - 21:29