CVE-2007-0891

Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath function in phpmyvisites.php in phpMyVisites before 2.2 allows remote attackers to inject arbitrary web script or HTML via the query string.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/24124	Permissions Required
http://www.securityfocus.com/bid/22516	Third Party Advisory VDB Entry
http://osvdb.org/33176	Broken Link
http://www.vupen.com/english/advisories/2007/0566	Not Applicable
http://marc.info/?l=full-disclosure&m=117121596803908&w=2	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/32430
http://www.securityfocus.com/archive/1/459792/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2.2:::::::*
	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2_beta:::::::*
	cpe:2.3:a:matthieu_aubry:phpmyvisites:0.1_beta:::::::*
	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.3:::::::*
	cpe:2.3:a:matthieu_aubry:phpmyvisites::::::::
	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2:::::::*
	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2.1:::::::*
	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.0:::::::*
	cpe:2.3:a:matthieu_aubry:phpmyvisites:1.1:::::::*

Information

Published : 2007-02-12 15:28

Updated : 2018-10-16 09:35

NVD link : CVE-2007-0891

Mitre link : CVE-2007-0891

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

matthieu_aubry

phpmyvisites

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/advisories/24124", "name": "24124", "tags": ["Permissions Required"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/22516", "name": "22516", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://osvdb.org/33176", "name": "33176", "tags": ["Broken Link"], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2007/0566", "name": "ADV-2007-0566", "tags": ["Not Applicable"], "refsource": "VUPEN"}, {"url": "http://marc.info/?l=full-disclosure&m=117121596803908&w=2", "name": "20070211 Multiple vulnerabilities in phpMyVisites", "tags": ["Third Party Advisory"], "refsource": "FULLDISC"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32430", "name": "phpmyvisites-phpmyvisites-xss(32430)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/459792/100/0/threaded", "name": "20070211 Multiple vulnerabilities in phpMyVisites", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath function in phpmyvisites.php in phpMyVisites before 2.2 allows remote attackers to inject arbitrary web script or HTML via the query string."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-0891", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2007-02-12T23:28Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2_beta:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matthieu_aubry:phpmyvisites:0.1_beta:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matthieu_aubry:phpmyvisites:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.1"}, {"cpe23Uri": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-16T16:35Z"}

4.3 /10