4.3

CVE-2007-3120

Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php in All In One Control Panel (AIOCP) before 1.3.017 allows remote attackers to inject arbitrary web script or HTML via the aiocp_dp parameter.  NOTE: some of these details are obtained from third party information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AiocpAiocp Version1.3.000
AiocpAiocp Version1.3.001
AiocpAiocp Version1.3.002
AiocpAiocp Version1.3.003
AiocpAiocp Version1.3.004
AiocpAiocp Version1.3.005
AiocpAiocp Version1.3.006
AiocpAiocp Version1.3.007
AiocpAiocp Version1.3.008
AiocpAiocp Version1.3.009
AiocpAiocp Version1.3.010
AiocpAiocp Version1.3.011
AiocpAiocp Version1.3.012
AiocpAiocp Version1.3.013
AiocpAiocp Version1.3.014
AiocpAiocp Version1.3.015
AiocpAiocp Version1.3.016
AiocpAiocp Version1.3.017
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.22% 0.648
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://osvdb.org/35533
http://secunia.com/advisories/25584
Patch
Vendor Advisory
http://sourceforge.net/project/shownotes.php?release_id=514035
Patch
http://www.securityfocus.com/bid/24357
http://www.vupen.com/english/advisories/2007/2097
https://exchange.xforce.ibmcloud.com/vulnerabilities/34762