4.3
CVE-2007-2300
- EPSS 1.9%
- Veröffentlicht 26.04.2007 21:19:00
- Zuletzt bearbeitet 16.06.2026 22:39:19
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginMultiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Surat Kabar ≫ Phpwebnews Version0.1
Surat Kabar ≫ Phpwebnews Version0.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.9% | 0.769 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://securityreason.com/securityalert/2643
http://www.osvdb.org/35365
http://www.osvdb.org/35366
http://www.osvdb.org/35367
http://www.securityfocus.com/archive/1/465545/100/0/threaded
http://www.securityfocus.com/bid/23448
https://exchange.xforce.ibmcloud.com/vulnerabilities/33641