CVE-2007-2808

Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://pridels-team.blogspot.com/2007/05/blog-post.html
http://secunia.com/advisories/25333	Vendor Advisory
http://www.securityfocus.com/bid/24081
http://www.debian.org/security/2008/dsa-1486
http://secunia.com/advisories/28743
http://www.vupen.com/english/advisories/2007/1886
http://osvdb.org/36224
https://exchange.xforce.ibmcloud.com/vulnerabilities/34392

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnu:gnats:4.1.99:::::::*
	cpe:2.3:a:yngve_svendsen:gnatsweb:4.00:::::::*

Information

Published : 2007-05-22 12:30

Updated : 2017-07-28 18:31

NVD link : CVE-2007-2808

Mitre link : CVE-2007-2808

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

gnu

gnats

yngve_svendsen

gnatsweb

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://pridels-team.blogspot.com/2007/05/blog-post.html", "name": "http://pridels-team.blogspot.com/2007/05/blog-post.html", "tags": [], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/25333", "name": "25333", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/24081", "name": "24081", "tags": [], "refsource": "BID"}, {"url": "http://www.debian.org/security/2008/dsa-1486", "name": "DSA-1486", "tags": [], "refsource": "DEBIAN"}, {"url": "http://secunia.com/advisories/28743", "name": "28743", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2007/1886", "name": "ADV-2007-1886", "tags": [], "refsource": "VUPEN"}, {"url": "http://osvdb.org/36224", "name": "36224", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34392", "name": "gnats-gnatsweb-xss(34392)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-2808", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2007-05-22T19:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gnu:gnats:4.1.99:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:yngve_svendsen:gnatsweb:4.00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-29T01:31Z"}