CVE Vulnerability

CVE-2007-4265

Multiple cross-site scripting (XSS) vulnerabilities in VisionProject 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) projectIssueId parameter in EditProjectIssue.do, the (2) projectId parameter in ProjectSelected.do, the (3) folderId parameter in ProjectDocuments.do and the (4) sortField parameter in ProjectIssues.do.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://pridels-team.blogspot.com/2007/08/visionproject-multiple-xss-vuln.html
http://www.securityfocus.com/bid/25218 Exploit
http://secunia.com/advisories/26346 Vendor Advisory
http://osvdb.org/36435
http://osvdb.org/36433
http://osvdb.org/36434
http://osvdb.org/36436
https://exchange.xforce.ibmcloud.com/vulnerabilities/35825
Configurations

Configuration 1

cpe:2.3:a:visionera_ab:visionproject:*:*:*:*:*:*:*:*
Information

Published : 2007-08-09 10:17

Updated : 2017-07-29 01:32

NVD link : CVE-2007-4265

Mitre link : CVE-2007-4265

Products Affected
No products.
CWE
NVD-CWE-Other