Vulnerability CVE-2007-4088


Published: 2007-07-30   Modified: 2012-02-12

Description:
Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) f, (3) quote, and (4) act parameters to cp.php; the (5) u parameter to user.php; the (6) f parameter to post.php; the (7) s parameter to topic.php; the (8) quote, (9) t, (10) poll, and (11) p parameters to post.php; the (12) Message Title field of a private message (PM) in mode 6 of cp.php; the (13) title field of a private message (PM) in mode 7 of cp.php; and (14) allow user-assisted remote attackers to inject arbitrary web script or HTML via a dosearch action to search.php, which reflects the first lines of all posts by a user. NOTE: the act parameter to help.php and the p parameter to report.php are already covered by CVE-2006-4708. NOTE: vectors 12 and 13 might overlap CVE-2006-6283.1. NOTE: vector 14 might overlap CVE-2006-4708.b.

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Vikingboard -> Vikingboard 

 References:
http://xforce.iss.net/xforce/xfdb/35601
http://www.securityfocus.com/bid/25056
http://secwatch.org/advisories/1018567/
http://secunia.com/advisories/26196
http://osvdb.org/37357
http://osvdb.org/37356
http://osvdb.org/37355
http://osvdb.org/37354
http://osvdb.org/37352
http://lostmon.blogspot.com/2007/07/vikingboard-multiple-cross-site.html
http://xforce.iss.net/xforce/xfdb/35599

Copyright 2024, cxsecurity.com

 

Back to Top