CVE-2007-4021 - Multiple cross-site scripting (XSS) vulnerabilities in login.php in Brain Book Software Secure 1.0.2

CVE-2007-4021

Summary

Multiple cross-site scripting (XSS) vulnerabilities in login.php in Brain Book Software Secure 1.0.20070629 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pwd parameters.

References

http://pridels-team.blogspot.com/2007/07/secure-xss-vuln.html
http://www.securityfocus.com/bid/25024
http://www.vupen.com/english/advisories/2007/2656
https://exchange.xforce.ibmcloud.com/vulnerabilities/35583

Vulnerable Configurations

cpe:2.3:a:brain_book_software:software_secure:*:*:*:*:*:*:*:*
cpe:2.3:a:brain_book_software:software_secure:*:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 29-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	25024
misc	http://pridels-team.blogspot.com/2007/07/secure-xss-vuln.html
vupen	ADV-2007-2656
xf	secure-login-xss(35583)

Last major update

29-07-2017 - 01:32

Published

26-07-2007 - 19:30

Last modified

29-07-2017 - 01:32