CVE-2007-3540

{"id": "CVE-2007-3540", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-07-03T20:30:00.000", "references": [{"url": "http://osvdb.org/36347", "source": "cve@mitre.org"}, {"url": "http://pridels-team.blogspot.com/2007/06/rwauction-pro-xss-vuln.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25849", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24668", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2368", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/36347", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://pridels-team.blogspot.com/2007/06/rwauction-pro-xss-vuln.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/25849", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/24668", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/2368", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in search.asp in rwAuction Pro 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) show, (3) searchtype, (4) catid, and (5) searchtxt parameters, a different version and vectors than CVE-2005-4060."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en search.asp de rwAuction Pro 5.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) search, (2) show, (3) searchtype, (4) catid, y (5) searchtxt, unos vectores y versi\u00f3n diferente de CVE-2005-4060."}], "lastModified": "2024-11-21T00:33:29.307", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rainworx:rwauction_pro:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09037A73-A76E-4BD4-AA1D-A420C30EB85A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}