CVE-2007-6696

{"id": "CVE-2007-6696", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-02-01T20:00:00.000", "references": [{"url": "http://osvdb.org/41274", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/41275", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/41276", "source": "cve@mitre.org"}, {"url": "http://www.digitrustgroup.com/advisories/web-application-security-webcalendar.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/27461", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/41274", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/41275", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/41276", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.digitrustgroup.com/advisories/web-application-security-webcalendar.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/27461", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authentication."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en WebCalendar 1.1.6, permiten a atacantes remotos inyectar a su elecci\u00f3n web script o HTM mediante (1) unas descripciones de eventos, (2) la cadena de consulta de pref.php, y (3) el par\u00e1metro adv de search.php. \r\nNOTA: el vector 1 requiere autenticaci\u00f3n de usuario."}], "lastModified": "2024-11-21T00:40:47.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:webcalendar:webcalendar:1.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACAD8EF1-302C-4037-BB23-210020781701"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}