CVE-2007-3291

EPSS 1.57%
Veröffentlicht 20.06.2007 21:30:00
Zuletzt bearbeitet 16.06.2026 22:41:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via an article name, possibly involving the titulo parameter in article.php.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

NVD 6 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Livecms ≫ Livecms Version3.0

Livecms ≫ Livecms Version3.3

Livecms ≫ Livecms Version3.3_rc1

Livecms ≫ Livecms Version3.3_rc2

Livecms ≫ Livecms Version3.4

Livecms ≫ Livecms Version3.4a

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.57%	0.722

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://secunia.com/advisories/25744

Vendor Advisory

http://www.securityfocus.com/bid/24580

https://www.exploit-db.com/exploits/4082

http://osvdb.org/37491

https://exchange.xforce.ibmcloud.com/vulnerabilities/35148

https://nvd.nist.gov/vuln/detail/CVE-2007-3291

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-3291

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-3291

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2007-3291