CVE-2007-2592

{"id": "CVE-2007-2592", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-05-11T04:20:00.000", "references": [{"url": "http://osvdb.org/34515", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/34516", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/34517", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25212", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26199", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/2689", "source": "cve@mitre.org"}, {"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html", "source": "cve@mitre.org"}, {"url": "http://www.sec-consult.com/289.html", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/468048/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/23889", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018454", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/1727", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2657", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34187", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/34515", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/34516", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/34517", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/25212", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/26199", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/2689", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.sec-consult.com/289.html", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/468048/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/23889", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1018454", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/1727", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/2657", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34187", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades secuencias de comandos en sitios cruzados (XSS) en el Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107 y 6.6.2.2, posiblemente involucrando al Novell Groupwise Mobile Server y al Nokia Intellisync Wireless Email Express, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro (1) username en el de/pda/dev_logon.asp y (2) m\u00faltiples vectores sin especificar en el (a) usrmgr/registerAccount.asp, (b) de/create_account.asp y otros archivos."}], "lastModified": "2024-11-21T00:31:10.487", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nokia:groupwise_mobile_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49230DA2-0B09-42BF-811B-1CCF56181FBC"}, {"criteria": "cpe:2.3:a:nokia:intellisync_mobile_suite:6.4.31.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3E0EF3B-D4F6-4300-949B-F80285C43CAB"}, {"criteria": "cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.0.107:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB300678-04E7-4F6B-AE43-8931C2FF5F40"}, {"criteria": "cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1795FDF-D272-476F-85FA-D57A474CA3F5"}, {"criteria": "cpe:2.3:a:nokia:intellisync_wireless_email_express:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75F41ABD-B71D-48B3-B911-8F0ED1BA8A83"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}