Executive Summary

Informations
Name CVE-2007-4523 First vendor Publication 2007-08-24
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Cvss Base Score 3.5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 6.8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple cross-site scripting (XSS) vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via one or more of the following vectors: the (1) id parameter to (a) pages/delete_page.php, (b) navigation/delete_menu.php, and (c) navigation/delete_item.php in admin/; the (2) menu_id, (3) name, (3) page_id, and (4) url parameters in (d) admin/navigation/do_new_item.php; the (5) new_menuname parameter in (e) admin/navigation/do_new_nav.php; and (6) area1, name, and url parameters to (f) admin/pages/do_new_page.php, probably involving the Title or textarea field as reachable through admin/pages/new_page.php. NOTE: the original disclosure does not precisely state which vectors are associated with SQL injection versus XSS.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4523

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2

Open Source Vulnerability Database (OSVDB)

Id Description
38449 Ripe Website Manager admin/pages/do_new_page.php Multiple Parameter XSS
38448 Ripe Website Manager admin/navigation/do_new_nav.php new_menuname Parameter XSS
38447 Ripe Website Manager admin/navigation/do_new_item.php Multiple Parameter XSS
38446 Ripe Website Manager navigation/delete_item.php id Parameter XSS
38445 Ripe Website Manager navigation/delete_menu.php id Parameter XSS
38444 Ripe Website Manager pages/delete_page.php id Parameter XSS

Sources (Detail)

http://osvdb.org/38444
http://osvdb.org/38445
http://osvdb.org/38446
http://osvdb.org/38447
http://osvdb.org/38448
http://osvdb.org/38449
http://securityreason.com/securityalert/3058
http://www.securityfocus.com/archive/1/477320/100/0/threaded
http://www.securityfocus.com/bid/25406
https://exchange.xforce.ibmcloud.com/vulnerabilities/36179
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
Date Informations
2024-11-28 23:16:27
  • Multiple Updates
2024-11-28 12:13:18
  • Multiple Updates
2021-05-04 12:06:18
  • Multiple Updates
2021-04-22 01:06:50
  • Multiple Updates
2020-05-23 00:20:20
  • Multiple Updates
2018-10-16 00:19:13
  • Multiple Updates
2017-07-29 12:02:29
  • Multiple Updates
2016-06-28 16:51:36
  • Multiple Updates
2013-05-11 10:34:52
  • Multiple Updates