CVE Vulnerability

CVE-2007-5280

Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in AppFuse before 2.0 Final allow remote attackers to inject arbitrary web script or HTML via unspecified input that is recorded in (1) success or (2) error messages.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://appfuse.org/display/APF/Release+Notes+2.0
http://issues.appfuse.org/browse/APF-880
http://www.securityfocus.com/bid/25927
http://secunia.com/advisories/27041 Patch Vendor Advisory
http://osvdb.org/37423
Configurations

Configuration 1

cpe:2.3:a:appfuse:appfuse:2.0-rc1:*:*:*:*:*:*:*
Information

Published : 2007-10-09 12:17

Updated : 2008-11-15 07:00

NVD link : CVE-2007-5280

Mitre link : CVE-2007-5280

Products Affected
No products.
CWE
CWE-79