CVE-2007-1177

Sažetak

WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to (1) the query string, (2) Profiles, (3) the Forum Post icon field, (4) the Edit Profile, and (5) the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting (XSS).

Reference

http://osvdb.org/33277
http://osvdb.org/33283
http://osvdb.org/33286
http://osvdb.org/33287
http://secunia.com/advisories/24080
http://www.securityfocus.com/bid/22563
http://www.vupen.com/english/advisories/2007/0604
http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

08-03-2011 - 02:51

Objavljeno

02-03-2007 - 21:18