6.8

CVE-2007-1723

Multiple cross-site scripting (XSS) vulnerabilities in the administration console in Secure Computing CipherTrust IronMail 6.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) network, (2) defRouterIp, (3) hostName, (4) domainName, (5) ipAddress, (6) defaultRouter, (7) dns1, or (8) dns2 parameter to (a) admin/system_IronMail.do; the (9) ipAddress parameter to (b) admin/systemOutOfBand.do; the (10) password or (11) confirmPassword parameter to (c) admin/systemBackup.do; the (12) Klicense parameter to (d) admin/systemLicenseManager.do; the (13) rows[1].attrValueStr or (14) rows[2].attrValueStr parameter to (e) admin/systemWebAdminConfig.do; the (15) rows[0].attrValueStr, rows[1].attrValueStr, (16) rows[2].attrValue, or (17) rows[2].attrValueStrClone parameter to (f) admin/ldap_ConfigureServiceProperties.do; the (18) input1 parameter to (g) admin/mailFirewall_MailRoutingInternal.do; or the (19) rows[2].attrValueStr, (20) rows[3].attrValueStr, (21) rows[5].attrValueStr, or (22) rows[6].attrValueStr parameter to (h) admin/mailIdsConfig.do.
Data provided by the National Vulnerability Database (NVD)
Ciphertrust Ironmail Version 6.1.1
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 1.89% | 0.769
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://osvdb.org/34526
http://osvdb.org/34527
http://osvdb.org/34528
http://osvdb.org/34529
http://osvdb.org/34530
http://osvdb.org/34531
http://osvdb.org/34532
http://osvdb.org/34533
http://secunia.com/advisories/24657 (Vendor Advisory)
http://securityreason.com/securityalert/2484
http://www.514.es/2007/03/siaadv07004_multiples_vulnerab.html
http://www.securityfocus.com/archive/1/463827/100/0/threaded
http://www.securitytracker.com/id?1017821
http://www.vupen.com/english/advisories/2007/1164 (Vendor Advisory)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33232