CVE-2007-3807 - Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum before 7.3 allow remote attac

CVE-2007-3807

Summary

Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum before 7.3 allow remote attackers to inject arbitrary web script or HTML via the user name field in the login procedure, and other unspecified vectors.

References

http://osvdb.org/36844
http://secunia.com/advisories/26065
http://securityreason.com/securityalert/2893
http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3159
http://www.securityfocus.com/archive/1/473624/100/0/threaded
http://www.securityfocus.com/bid/24893
https://exchange.xforce.ibmcloud.com/vulnerabilities/35395

Vulnerable Configurations

cpe:2.3:a:sitescape:sitescape_forum:*:*:*:*:*:*:*:*
cpe:2.3:a:sitescape:sitescape_forum:*:*:*:*:*:*:*:*

CVSS

Base:	2.6 (as of 15-10-2018 - 21:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:H/Au:N/C:N/I:P/A:N

refmap via4

bid	24893
bugtraq	20070713 [scip_Advisory 3159] SiteScape forum prior 7.3 Cross Site Scripting
misc	http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3159
osvdb	36844
secunia	26065
sreason	2893
xf	sitescape-login-xss(35395)

Last major update

15-10-2018 - 21:31

Published

17-07-2007 - 00:30

Last modified

15-10-2018 - 21:31