CVE-2007-1576

{"id": "CVE-2007-1576", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-03-21T21:19:00.000", "references": [{"url": "http://osvdb.org/34064", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/34065", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/34066", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/34067", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/34068", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/34069", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24509", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25748", "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200706-07.xml", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/2459", "source": "cve@mitre.org"}, {"url": "http://www.nruns.de/security_advisory_phprojekt_xss_and_filter_evasion.php", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.phprojekt.com/index.php?name=News&file=article&sid=276", "tags": ["Broken Link", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/462788/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22957", "tags": ["VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/34064", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/34065", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/34066", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/34067", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/34068", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/34069", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24509", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/25748", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://security.gentoo.org/glsa/glsa-200706-07.xml", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/2459", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.nruns.de/security_advisory_phprojekt_xss_and_filter_evasion.php", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.phprojekt.com/index.php?name=News&file=article&sid=276", "tags": ["Broken Link", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/462788/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/22957", "tags": ["VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Search (only Gecko engine driven Browsers), and (5) Notes modules; the (6) Mail summary page; and unspecified other files."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el PHProjekt 5.2.0, cuando el magic_quotes_gpc est\u00e1 deshabilitado, permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante vectores sin especificar en los m\u00f3dulos (1) Projects, (2) Contacts, (3) Helpdesk, (4) Search (s\u00f3lo en el motor Gecko impulsado por los buscadores) y (5) Notes y la (6) p\u00e1gina resumen Mail y otros ficheros sin especificar."}], "lastModified": "2024-11-21T00:28:39.690", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phprojekt:phprojekt:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0362FFCE-759E-47D8-BBDE-FBA155B6594D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}