CVE-2007-3067

Cross-site scripting (XSS) vulnerability in the Attunement and Key Tracker 0.95 and earlier plugin for EQdkp allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the (1) keyshow, (2) sortkey, and (3) show parameters to index.php.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://osvdb.org/36930
http://secunia.com/advisories/25538
http://sourceforge.net/project/shownotes.php?release_id=512860&group_id=167016
http://www.vupen.com/english/advisories/2007/2045
https://exchange.xforce.ibmcloud.com/vulnerabilities/34700

Configurations

Configuration 1 (hide)

cpe:2.3:a:eqdkp:attunement_and_key:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-06-06 01:30

Updated : 2024-02-28 11:01

NVD link : CVE-2007-3067

Mitre link : CVE-2007-3067

CVE.ORG link : CVE-2007-3067

JSON object : View

Products Affected

eqdkp

attunement_and_key

CWE

NVD-CWE-Other

{"id": "CVE-2007-3067", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-06-06T01:30:00.000", "references": [{"url": "http://osvdb.org/36930", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25538", "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/project/shownotes.php?release_id=512860&group_id=167016", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2045", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34700", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Attunement and Key Tracker 0.95 and earlier plugin for EQdkp allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the (1) keyshow, (2) sortkey, and (3) show parameters to index.php."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extensi\u00f3n (plugin) Attunement and Key Tracker 0.95 y anteriores para Eqdkp permite a atacantes remotos inyectar secuencias de comandos (script) web o HTML de su elecci\u00f3n a trav\u00e9s de vectores sin especificar, posiblemente involucrando los par\u00e1metros (1) keyshow, (2) sortkey, y (3) show (es el nombre de un par\u00e1metro) de index.php."}], "lastModified": "2017-07-29T01:31:57.067", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eqdkp:attunement_and_key:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "918F880C-D8C7-4E81-AEA3-7531755ED386", "versionEndIncluding": "0.95"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}