CVE-2007-0137

Current Description

Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ (1) Serene Bach 2.05R and earlier, and 2.08D and earlier in the 2.08 series; and (2) sb 1.13D and earlier, and 1.18R and earlier in the 1.18 series; allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Basic Data

Published: January 09, 2007
Last Modified: July 29, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 6.8
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
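    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Serendipitynz | Serene Bach | 1.18r | * | * | * | * | * | * | * | | | |
    2.3 | Application | Serendipitynz | Serene Bach | 2.05r | * | * | * | * | * | * | * | | | |
    2.3 | Application | Serendipitynz | Serene Bach | 2.08d | * | * | * | * | * | * | * | | | |
    2.3 | Application | Serendipitynz | Serene Bach Sb | 1.13d | * | * | * | * | * | * | * | | | |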

Vulnerable Software List

Vendor | Product | Versions
Serendipitynz | Serene Bach | 1.18r, 2.05r, 2.08d
Serendipitynz | Serene Bach Sb | 1.13d

References

Name | URL | Source | Tags
JVN#65500885 | http://jvn.jp/jp/JVN%2365500885/index.html | JVN |
32580 | http://osvdb.org/32580 | OSVDB |
23623 | http://secunia.com/advisories/23623 | SECUNIA | Patch, Vendor Advisory
1017470 | http://securitytracker.com/id?1017470 | SECTRACK |
http://serenebach.net/log/sb119R.html | http://serenebach.net/log/sb119R.html | CONFIRM |
http://serenebach.net/log/sb209R.html | http://serenebach.net/log/sb209R.html | CONFIRM |
21884 | http://www.securityfocus.com/bid/21884 | BID |
ADV-2007-0065 | http://www.vupen.com/english/advisories/2007/0065 | VUPEN |
serene-bach-unspecified-xss(31302) | https://exchange.xforce.ibmcloud.com/vulnerabilities/31302 | XF |