CVE-2007-3056

Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/24310
http://secunia.com/advisories/25532	Vendor Advisory
http://www.nabble.com/CVE-2007-3056-tf4246678.html
http://websvn.tigris.org/servlets/ReadMsg?list=dev&msgNo=1328
http://www.attrition.org/pipermail/vim/2007-August/001771.html
http://securitytracker.com/id?1018601
http://bugs.gentoo.org/show_bug.cgi?id=180879
http://osvdb.org/36409
https://exchange.xforce.ibmcloud.com/vulnerabilities/34726

Configurations

Configuration 1 (hide)

cpe:2.3:a:websvn:websvn:*:*:*:*:*:*:*:*

Information

Published : 2007-06-05 18:30

Updated : 2017-07-28 18:31

NVD link : CVE-2007-3056

Mitre link : CVE-2007-3056

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

websvn

websvn

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/24310", "name": "24310", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/25532", "name": "25532", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.nabble.com/CVE-2007-3056-tf4246678.html", "name": "http://www.nabble.com/CVE-2007-3056-tf4246678.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://websvn.tigris.org/servlets/ReadMsg?list=dev&msgNo=1328", "name": "http://websvn.tigris.org/servlets/ReadMsg?list=dev&msgNo=1328", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.attrition.org/pipermail/vim/2007-August/001771.html", "name": "20070823 ACK for CVE-2007-3056 (WebSVN)", "tags": [], "refsource": "VIM"}, {"url": "http://securitytracker.com/id?1018601", "name": "1018601", "tags": [], "refsource": "SECTRACK"}, {"url": "http://bugs.gentoo.org/show_bug.cgi?id=180879", "name": "http://bugs.gentoo.org/show_bug.cgi?id=180879", "tags": [], "refsource": "MISC"}, {"url": "http://osvdb.org/36409", "name": "36409", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34726", "name": "websvn-filedetails-xss(34726)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-3056", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2007-06-06T01:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:websvn:websvn:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.0rc4"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-29T01:31Z"}

4.3 /10