4.3
CVE-2007-3708
- EPSS 1.22%
- Veröffentlicht 11.07.2007 23:30:00
- Zuletzt bearbeitet 16.06.2026 22:42:34
- CVE-Watchlists
- Unerledigt
Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before 20070626 allows remote attackers to inject arbitrary web script or HTML via (1) String.fromCharCode and (2) malformed nested tag manipulations in an unspecified component, related to insufficient sanitization by the xss_clean function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Codeigniter ≫ Codeigniter Version1.5.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.22% | 0.648 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064500.html
http://secunia.com/advisories/25991
http://securityreason.com/securityalert/2877
http://www.securityfocus.com/archive/1/473190/100/0/threaded
http://osvdb.org/37907
https://exchange.xforce.ibmcloud.com/vulnerabilities/35350