CVE-2007-3137

Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sbl, (2) sbr, or (3) search parameter. NOTE: the original disclosure claims the pageid parameter in index.php is affected, but this is incorrect.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://osvdb.org/37144
http://secunia.com/advisories/25583	Vendor Advisory
http://securityreason.com/securityalert/2789
http://www.securityfocus.com/archive/1/470758/100/0/threaded
http://www.securityfocus.com/bid/24365	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/34763

Configurations

Configuration 1 (hide)

cpe:2.3:a:webmaster_solutions:wmscms:2.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-06-08 16:30

Updated : 2023-12-10 10:40

NVD link : CVE-2007-3137

Mitre link : CVE-2007-3137

CVE.ORG link : CVE-2007-3137

JSON object : View

Products Affected

webmaster_solutions

wmscms

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2007-3137", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-06-08T16:30:00.000", "references": [{"url": "http://osvdb.org/37144", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25583", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/2789", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/470758/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24365", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34763", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sbl, (2) sbr, or (3) search parameter. NOTE: the original disclosure claims the pageid parameter in index.php is affected, but this is incorrect."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site-scripting (XSS) en 4print.asp en WmsCMS versi\u00f3n 2.0 y anteriores permiten a los atacantes remotos inyectar scripts web o HTML arbitrarios por medio de los par\u00e1metros (1) sbl, (2) sbr o (3) search. NOTA: la divulgaci\u00f3n original afirma que el par\u00e1metro pageid en index.php se ve afectado, pero esto es incorrecto."}], "lastModified": "2018-10-16T16:47:41.637", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:webmaster_solutions:wmscms:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16E1BD08-95E6-4CC2-BAC5-1FF9F1E1CAC0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}