CVE Vulnerability

CVE-2007-5924

Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.2 FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://jvn.jp/jp/JVN%2384565055/index.html
http://www-1.ibm.com/support/docview.wss?uid=swg21263871
http://www-1.ibm.com/support/docview.wss?uid=swg27010980
http://secunia.com/advisories/27509
http://osvdb.org/39720
http://www.vupen.com/english/advisories/2007/3700
Configurations

Configuration 1

cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:7.0.2:*:fp1:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:*:*:fp1:*:*:*:*:*
cpe:2.3:a:ibm:lotus_domino:7.0.2:*:*:*:*:*:*:*
Information

Published : 2007-11-10 02:46

Updated : 2011-03-08 03:01

NVD link : CVE-2007-5924

Mitre link : CVE-2007-5924

Products Affected
No products.
CWE
CWE-79