CVE-2007-0696

Published Feb 3, 2007

Last updated 8 years ago

CVSS info 6.8

Overview

Description: Cross-site scripting (XSS) vulnerability in error messages in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, different vectors than CVE-2007-0611.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:0.9.0.730:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "702B5C03-6994-41F8-9C73-7D57ABCC92DC"
          },
          {
            "criteria": "cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:0.9.0.1029:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "367EF43F-CCD2-47FF-9296-B0E3CF2655AC"
          },
          {
            "criteria": "cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:1.0_rc1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E35C6D3D-2086-4C30-97FB-2D4C61792CD1"
          },
          {
            "criteria": "cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:1.0_rc2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C154925-1FFF-43CE-9A1E-CCC29B8DEE2F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References