CVE-2007-4265 - Multiple cross-site scripting (XSS) vulnerabilities in VisionProject 3.1 and earlier allow remote at

CVE-2007-4265

Summary

Multiple cross-site scripting (XSS) vulnerabilities in VisionProject 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) projectIssueId parameter in EditProjectIssue.do, the (2) projectId parameter in ProjectSelected.do, the (3) folderId parameter in ProjectDocuments.do and the (4) sortField parameter in ProjectIssues.do.

References

Vulnerable Configurations

cpe:2.3:a:visionera_ab:visionproject:*:*:*:*:*:*:*:*
cpe:2.3:a:visionera_ab:visionproject:*:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 29-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	25218
misc	http://pridels-team.blogspot.com/2007/08/visionproject-multiple-xss-vuln.html
osvdb	36433 36434 36435 36436
secunia	26346
xf	visionproject-multiple-xss(35825)

Last major update

29-07-2017 - 01:32

Published

09-08-2007 - 10:17

Last modified

29-07-2017 - 01:32