CVE-2007-0119

Current Description

Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject arbitrary web script or HTML via the plain parameter to (1) mkpw_mp.cgi, (2) mkpw.pl, or (3) mkpw.cgi.

Basic Data

PublishedJanuary 09, 2007
Last ModifiedOctober 16, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score6.8
SeverityMEDIUM
Exploitability Score8.6
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegetrue

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationEdittagEdittag1.2*******

Vulnerable Software List

VendorProductVersions
Edittag Edittag 1.2

References

NameSourceURLTags
33390http://osvdb.org/33390OSVDB
33391http://osvdb.org/33391OSVDB
33392http://osvdb.org/33392OSVDB
7950http://secunia.com/advisories/7950SECUNIA
20070105 Multiple bugs in EditTaghttp://www.securityfocus.com/archive/1/456055/100/0/threadedBUGTRAQ
21891http://www.securityfocus.com/bid/21891BIDExploit Vendor Advisory