CVE-2007-3339

Published Jun 21, 2007

Last updated 6 years ago

CVSS info 4.3

Overview

Description: Multiple cross-site scripting (XSS) vulnerabilities in forum/include/error/autherror.cfm in FuseTalk Basic, Standard, Enterprise, and ColdFusion allow remote attackers to inject arbitrary web script or HTML via the (1) FTVAR_LINKP and (2) FTVAR_URLP parameters to (a) forum/include/error/autherror.cfm, and the (3) FTVAR_SCRIPTRUN parameter to (b) forum/include/common/comfinish.cfm and (c) blog/include/common/comfinish.cfm.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fusetalk:fusetalk:2.0:-:basic:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA9170F9-39A6-4D0E-9FEB-F42ABB200327"
          },
          {
            "criteria": "cpe:2.3:a:fusetalk:fusetalk:2.0:-:coldfusion:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07852527-966F-471A-B9AD-09D3C7EC6B78"
          },
          {
            "criteria": "cpe:2.3:a:fusetalk:fusetalk:2.0:-:enterprise:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5FD0C21-DC7B-4DE5-BDA1-501BE6DABDE5"
          },
          {
            "criteria": "cpe:2.3:a:fusetalk:fusetalk:2.0:-:standard:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3197418B-97D4-4505-BFC8-C710853309DC"
          },
          {
            "criteria": "cpe:2.3:a:fusetalk:fusetalk:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90E4AB45-DE6F-4903-8D81-065B715C10EB"
          },
          {
            "criteria": "cpe:2.3:a:fusetalk:fusetalk:3.0:-:basic:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "763078B4-4E57-4503-A753-C3BF6410C182"
          },
          {
            "criteria": "cpe:2.3:a:fusetalk:fusetalk:3.0:-:coldfusion:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AAF418F0-D5FA-48C5-BA12-7C6B146A1D3A"
          },
          {
            "criteria": "cpe:2.3:a:fusetalk:fusetalk:3.0:-:enterprise:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD937265-6F59-4227-9A6D-A6769079D9AD"
          },
          {
            "criteria": "cpe:2.3:a:fusetalk:fusetalk:3.0:-:standard:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57EEA798-C6BF-4E02-85DD-1CB5818219E2"
          },
          {
            "criteria": "cpe:2.3:a:fusetalk:fusetalk:3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54BF24F1-CAFE-4528-B1CF-2063FD4E0A13"
          },
          {
            "criteria": "cpe:2.3:a:fusetalk:fusetalk:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F1A79E1-CBD0-424B-91B5-682601CD6731"
          },
          {
            "criteria": "cpe:2.3:a:fusetalk:fusetalk:4.0:-:basic:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C917460C-29E0-4755-92ED-EC74730502CD"
          },
          {
            "criteria": "cpe:2.3:a:fusetalk:fusetalk:4.0:-:coldfusion:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4AE0BED-375A-4186-95AA-E01141EEA613"
          },
          {
            "criteria": "cpe:2.3:a:fusetalk:fusetalk:4.0:-:enterprise:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5349749D-2110-43AF-968E-8CD79E890E41"
          },
          {
            "criteria": "cpe:2.3:a:fusetalk:fusetalk:4.0:-:standard:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D05C005-C819-4769-855C-8C0A247A901F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References