cvelistv5 - cve-2007-5582

CVE-2007-5582 (GCVE-0-2007-5582)

Vulnerability from cvelistv5 – Published: 2007-12-15 01:00 – Updated: 2024-08-07 15:39

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://securitytracker.com/id?1019043	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2007/4102	vdb-entryx_refsource_VUPEN
	http://www.liquidmatrix.org/blog/2007/12/05/advis…	x_refsource_MISC
	http://www.securityfocus.com/archive/1/484609/100…	mailing-listx_refsource_BUGTRAQ
	http://securityreason.com/securityalert/3449	third-party-advisoryx_refsource_SREASON
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/26708	vdb-entryx_refsource_BID
	http://www.cisco.com/warp/public/707/cisco-sr-200…	vendor-advisoryx_refsource_CISCO
	http://tools.cisco.com/Support/BugToolKit/search/…	x_refsource_CONFIRM
	http://secunia.com/advisories/27902	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:39:12.447Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1019043",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1019043"
          },
          {
            "name": "ADV-2007-4102",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4102"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/"
          },
          {
            "name": "20071205 Advisory: Cross Site Scripting in CiscoWorks",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/484609/100/0/threaded"
          },
          {
            "name": "3449",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3449"
          },
          {
            "name": "ciscoworks-cs-loginpage-xss(38862)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38862"
          },
          {
            "name": "26708",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26708"
          },
          {
            "name": "20071205 CiscoWorks Server XSS Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsk69289"
          },
          {
            "name": "27902",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27902"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-12-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1019043",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1019043"
        },
        {
          "name": "ADV-2007-4102",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4102"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/"
        },
        {
          "name": "20071205 Advisory: Cross Site Scripting in CiscoWorks",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/484609/100/0/threaded"
        },
        {
          "name": "3449",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3449"
        },
        {
          "name": "ciscoworks-cs-loginpage-xss(38862)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38862"
        },
        {
          "name": "26708",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26708"
        },
        {
          "name": "20071205 CiscoWorks Server XSS Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsk69289"
        },
        {
          "name": "27902",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27902"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2007-5582",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1019043",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1019043"
            },
            {
              "name": "ADV-2007-4102",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4102"
            },
            {
              "name": "http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/",
              "refsource": "MISC",
              "url": "http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/"
            },
            {
              "name": "20071205 Advisory: Cross Site Scripting in CiscoWorks",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/484609/100/0/threaded"
            },
            {
              "name": "3449",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3449"
            },
            {
              "name": "ciscoworks-cs-loginpage-xss(38862)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38862"
            },
            {
              "name": "26708",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26708"
            },
            {
              "name": "20071205 CiscoWorks Server XSS Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml"
            },
            {
              "name": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsk69289",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsk69289"
            },
            {
              "name": "27902",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27902"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2007-5582",
    "datePublished": "2007-12-15T01:00:00",
    "dateReserved": "2007-10-19T00:00:00",
    "dateUpdated": "2024-08-07T15:39:12.447Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:ciscoworks_server:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.6\", \"matchCriteriaId\": \"AB019E66-471E-44BA-BE69-55A2DC867FF0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la p\\u00e1gina de inicio de sesi\\u00f3n de Cisco CiscoWorks Server (CS), posiblemente 2.6 y anteriores, al utilizar CiscoWorks Common Services 3.0.x y 3.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\\u00f3n mediante vectores no especificados.\"}]",
      "id": "CVE-2007-5582",
      "lastModified": "2024-11-21T00:38:14.973",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2007-12-15T01:46:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/27902\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://securityreason.com/securityalert/3449\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://securitytracker.com/id?1019043\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsk69289\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/484609/100/0/threaded\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securityfocus.com/bid/26708\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/4102\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/38862\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://secunia.com/advisories/27902\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/3449\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1019043\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsk69289\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/484609/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/26708\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/4102\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/38862\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-5582\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2007-12-15T01:46:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la p\u00e1gina de inicio de sesi\u00f3n de Cisco CiscoWorks Server (CS), posiblemente 2.6 y anteriores, al utilizar CiscoWorks Common Services 3.0.x y 3.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ciscoworks_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.6\",\"matchCriteriaId\":\"AB019E66-471E-44BA-BE69-55A2DC867FF0\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/27902\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://securityreason.com/securityalert/3449\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://securitytracker.com/id?1019043\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsk69289\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/484609/100/0/threaded\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.securityfocus.com/bid/26708\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/4102\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38862\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://secunia.com/advisories/27902\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/3449\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1019043\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsk69289\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/484609/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/26708\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/4102\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38862\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-200712-0411

Vulnerability from variot - Updated: 2023-12-18 13:04

Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CiscoWorks is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. CiscoWorks 2.6 is vulnerable; other versions may also be affected.

2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published

How do you know which Secunia advisories are important to you?

The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively.

Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv

TITLE: CiscoWorks Common Services Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID: SA27902

VERIFY ADVISORY: http://secunia.com/advisories/27902/

CRITICAL: Less critical

IMPACT: Cross Site Scripting

WHERE:

From remote

SOFTWARE: CiscoWorks Common Services Software 3.x http://secunia.com/product/6330/

DESCRIPTION: Dave Lewis has reported a vulnerability in CiscoWorks Common Services, which can be exploited by malicious people to conduct cross-site scripting attacks.

Unspecified input passed to the CiscoWorks Server login page is not properly sanitised before being returned to the user.

The vulnerability is reported in CiscoWorks Common Services 3.0.x and 3.1 for both Solaris and Windows systems.

SOLUTION: Apply vendor patch (registered customers). http://www.cisco.com/pcgi-bin/tablebuild.pl/cw2000-cd-one

PROVIDED AND/OR DISCOVERED BY: Dave Lewis

ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml

Liquidmatrix: http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200712-0411",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ciscoworks server",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "cisco",
        "version": "2.6"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "ciscoworks common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.0"
      },
      {
        "model": "ciscoworks",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.6"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "26708"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002809"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5582"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ciscoworks_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-5582"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dave Lewis is credited with the discovery of this vulnerability.",
    "sources": [
      {
        "db": "BID",
        "id": "26708"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2007-5582",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2007-5582",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-28944",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-5582",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200712-411",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-28944",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28944"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002809"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5582"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-411"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CiscoWorks is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. \nCiscoWorks 2.6 is vulnerable; other versions may also be affected. \n\n----------------------------------------------------------------------\n\n2003: 2,700 advisories published\n2004: 3,100 advisories published\n2005: 4,600 advisories published\n2006: 5,300 advisories published\n\nHow do you know which Secunia advisories are important to you?\n\nThe Secunia Vulnerability Intelligence Solutions allows you to filter\nand structure all the information you need, so you can address issues\neffectively. \n\nGet a free trial of the Secunia Vulnerability Intelligence Solutions:\nhttp://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv\n\n----------------------------------------------------------------------\n\nTITLE:\nCiscoWorks Common Services Cross-Site Scripting Vulnerability\n\nSECUNIA ADVISORY ID:\nSA27902\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/27902/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nCross Site Scripting\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nCiscoWorks Common Services Software 3.x\nhttp://secunia.com/product/6330/\n\nDESCRIPTION:\nDave Lewis has reported a vulnerability in CiscoWorks Common\nServices, which can be exploited by malicious people to conduct\ncross-site scripting attacks. \n\nUnspecified input passed to the CiscoWorks Server login page is not\nproperly sanitised before being returned to the user. \n\nThe vulnerability is reported in CiscoWorks Common Services 3.0.x and\n3.1 for both Solaris and Windows systems. \n\nSOLUTION:\nApply vendor patch (registered customers). \nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/cw2000-cd-one\n\nPROVIDED AND/OR DISCOVERED BY:\nDave Lewis\n\nORIGINAL ADVISORY:\nCisco:\nhttp://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml\n\nLiquidmatrix:\nhttp://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-5582"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002809"
      },
      {
        "db": "BID",
        "id": "26708"
      },
      {
        "db": "VULHUB",
        "id": "VHN-28944"
      },
      {
        "db": "PACKETSTORM",
        "id": "61551"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-5582",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "26708",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "27902",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-4102",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1019043",
        "trust": 1.7
      },
      {
        "db": "SREASON",
        "id": "3449",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002809",
        "trust": 0.8
      },
      {
        "db": "BUGTRAQ",
        "id": "20071205 ADVISORY: CROSS SITE SCRIPTING IN CISCOWORKS",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "38862",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20071205 CISCOWORKS SERVER XSS VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-411",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-28944",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "61551",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28944"
      },
      {
        "db": "BID",
        "id": "26708"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002809"
      },
      {
        "db": "PACKETSTORM",
        "id": "61551"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5582"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-411"
      }
    ]
  },
  "id": "VAR-200712-0411",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28944"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:04:55.233000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Document ID: 605",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityresponse/cisco-sr-20071205-cw"
      },
      {
        "title": "Cisco CiscoWorks Server Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=175103"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002809"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-411"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28944"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002809"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5582"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml"
      },
      {
        "trust": 1.8,
        "url": "http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/26708"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1019043"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/27902"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/3449"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2007/4102"
      },
      {
        "trust": 1.6,
        "url": "http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails\u0026bugid=cscsk69289"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/484609/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38862"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5582"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5582"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/484609/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/38862"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/484609"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails\u0026amp;bugid=cscsk69289"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/cw2000-cd-one"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6330/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/27902/"
      },
      {
        "trust": 0.1,
        "url": "http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28944"
      },
      {
        "db": "BID",
        "id": "26708"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002809"
      },
      {
        "db": "PACKETSTORM",
        "id": "61551"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5582"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-411"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-28944"
      },
      {
        "db": "BID",
        "id": "26708"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002809"
      },
      {
        "db": "PACKETSTORM",
        "id": "61551"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5582"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-411"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-12-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-28944"
      },
      {
        "date": "2007-12-05T00:00:00",
        "db": "BID",
        "id": "26708"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002809"
      },
      {
        "date": "2007-12-07T16:22:07",
        "db": "PACKETSTORM",
        "id": "61551"
      },
      {
        "date": "2007-12-15T01:46:00",
        "db": "NVD",
        "id": "CVE-2007-5582"
      },
      {
        "date": "2007-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200712-411"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-28944"
      },
      {
        "date": "2007-12-06T00:22:00",
        "db": "BID",
        "id": "26708"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002809"
      },
      {
        "date": "2018-10-15T21:45:39.737000",
        "db": "NVD",
        "id": "CVE-2007-5582"
      },
      {
        "date": "2021-12-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200712-411"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-411"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco CiscoWorks Server (CS) Login page cross-site scripting vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002809"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "61551"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-411"
      }
    ],
    "trust": 0.7
  }
}

FKIE_CVE-2007-5582

Vulnerability from fkie_nvd - Published: 2007-12-15 01:46 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://secunia.com/advisories/27902
psirt@cisco.com	http://securityreason.com/securityalert/3449
psirt@cisco.com	http://securitytracker.com/id?1019043
psirt@cisco.com	http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsk69289
psirt@cisco.com	http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml	Patch
psirt@cisco.com	http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/
psirt@cisco.com	http://www.securityfocus.com/archive/1/484609/100/0/threaded
psirt@cisco.com	http://www.securityfocus.com/bid/26708
psirt@cisco.com	http://www.vupen.com/english/advisories/2007/4102
psirt@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/38862
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27902
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3449
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1019043
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsk69289
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/484609/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26708
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/4102
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/38862

Impacted products

	Vendor	Product	Version
	cisco	ciscoworks_server	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB019E66-471E-44BA-BE69-55A2DC867FF0",
              "versionEndIncluding": "2.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la p\u00e1gina de inicio de sesi\u00f3n de Cisco CiscoWorks Server (CS), posiblemente 2.6 y anteriores, al utilizar CiscoWorks Common Services 3.0.x y 3.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante vectores no especificados."
    }
  ],
  "id": "CVE-2007-5582",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-12-15T01:46:00.000",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://secunia.com/advisories/27902"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://securityreason.com/securityalert/3449"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://securitytracker.com/id?1019043"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsk69289"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/archive/1/484609/100/0/threaded"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/26708"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.vupen.com/english/advisories/2007/4102"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38862"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3449"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1019043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsk69289"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/484609/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26708"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38862"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2007-AVI-530

Vulnerability from certfr_avis - Published: - Updated:

L'interface CiscoWorks contient une vulnérabilité permettant de réaliser une injection de code indirecte.

Description

CiscoWorks est une suite d'outils, réalisés en Java, utilisés pour paramétrer les réseaux possédant des équipements Cisco. Ils sont accessibles via une interface web qui accepte des arguments qui ne sont pas correctement contrôlés. Un utilisateur malveillant peut utiliser ces arguments pour réaliser une injection de code indirecte et exécuter du code web arbitraire (HTTP et script) dans le navigateur d'un utilisateur et cela dans le contexte du site CiscoWorks.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	CiscoWorks Common Services 3.0.x;
	N/A	N/A	CiscoWorks Common Services 3.1.

References

Title

Publication Time

Tags

Bulletin de sécurité de Cisco 100240 du 5 décembre 2007	None	vendor-advisory
Bulletin de sécurité Cisco 100240 du 05 décembre 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CiscoWorks Common Services 3.0.x;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CiscoWorks Common Services 3.1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nCiscoWorks est une suite d\u0027outils, r\u00e9alis\u00e9s en Java, utilis\u00e9s pour\nparam\u00e9trer les r\u00e9seaux poss\u00e9dant des \u00e9quipements Cisco. Ils sont\naccessibles via une interface web qui accepte des arguments qui ne sont\npas correctement contr\u00f4l\u00e9s. Un utilisateur malveillant peut utiliser ces\narguments pour r\u00e9aliser une injection de code indirecte et ex\u00e9cuter du\ncode web arbitraire (HTTP et script) dans le navigateur d\u0027un utilisateur\net cela dans le contexte du site CiscoWorks.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5582"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 100240 du 05 d\u00e9cembre 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sr-20071205-cws.shtml"
    }
  ],
  "reference": "CERTA-2007-AVI-530",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-12-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte"
    }
  ],
  "summary": "L\u0027interface CiscoWorks contient une vuln\u00e9rabilit\u00e9 permettant de r\u00e9aliser\nune injection de code indirecte.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans CiscoWorks",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 de Cisco 100240 du 5 d\u00e9cembre 2007",
      "url": null
    }
  ]
}

CERTA-2007-AVI-530

Vulnerability from certfr_avis - Published: - Updated:

L'interface CiscoWorks contient une vulnérabilité permettant de réaliser une injection de code indirecte.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	CiscoWorks Common Services 3.0.x;
	N/A	N/A	CiscoWorks Common Services 3.1.

References

Title

Publication Time

Tags

Bulletin de sécurité de Cisco 100240 du 5 décembre 2007	None	vendor-advisory
Bulletin de sécurité Cisco 100240 du 05 décembre 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CiscoWorks Common Services 3.0.x;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CiscoWorks Common Services 3.1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nCiscoWorks est une suite d\u0027outils, r\u00e9alis\u00e9s en Java, utilis\u00e9s pour\nparam\u00e9trer les r\u00e9seaux poss\u00e9dant des \u00e9quipements Cisco. Ils sont\naccessibles via une interface web qui accepte des arguments qui ne sont\npas correctement contr\u00f4l\u00e9s. Un utilisateur malveillant peut utiliser ces\narguments pour r\u00e9aliser une injection de code indirecte et ex\u00e9cuter du\ncode web arbitraire (HTTP et script) dans le navigateur d\u0027un utilisateur\net cela dans le contexte du site CiscoWorks.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5582"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 100240 du 05 d\u00e9cembre 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sr-20071205-cws.shtml"
    }
  ],
  "reference": "CERTA-2007-AVI-530",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-12-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte"
    }
  ],
  "summary": "L\u0027interface CiscoWorks contient une vuln\u00e9rabilit\u00e9 permettant de r\u00e9aliser\nune injection de code indirecte.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans CiscoWorks",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 de Cisco 100240 du 5 d\u00e9cembre 2007",
      "url": null
    }
  ]
}

GHSA-PG33-RR7H-35V7

Vulnerability from github – Published: 2022-05-01 18:34 – Updated: 2025-04-09 03:49

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-5582"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-12-15T01:46:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
  "id": "GHSA-pg33-rr7h-35v7",
  "modified": "2025-04-09T03:49:14Z",
  "published": "2022-05-01T18:34:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5582"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38862"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27902"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3449"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1019043"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsk69289"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/484609/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26708"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/4102"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2007-5582

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-5582

Aliases

CVE-2007-5582

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-5582",
    "description": "Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
    "id": "GSD-2007-5582"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-5582"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
      "id": "GSD-2007-5582",
      "modified": "2023-12-13T01:21:41.155150Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2007-5582",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1019043",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1019043"
          },
          {
            "name": "ADV-2007-4102",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/4102"
          },
          {
            "name": "http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/",
            "refsource": "MISC",
            "url": "http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/"
          },
          {
            "name": "20071205 Advisory: Cross Site Scripting in CiscoWorks",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/484609/100/0/threaded"
          },
          {
            "name": "3449",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3449"
          },
          {
            "name": "ciscoworks-cs-loginpage-xss(38862)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38862"
          },
          {
            "name": "26708",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26708"
          },
          {
            "name": "20071205 CiscoWorks Server XSS Vulnerability",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml"
          },
          {
            "name": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsk69289",
            "refsource": "CONFIRM",
            "url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsk69289"
          },
          {
            "name": "27902",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27902"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ciscoworks_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2007-5582"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/"
            },
            {
              "name": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsk69289",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsk69289"
            },
            {
              "name": "20071205 CiscoWorks Server XSS Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Patch"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml"
            },
            {
              "name": "26708",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/26708"
            },
            {
              "name": "1019043",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1019043"
            },
            {
              "name": "27902",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/27902"
            },
            {
              "name": "3449",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/3449"
            },
            {
              "name": "ADV-2007-4102",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/4102"
            },
            {
              "name": "ciscoworks-cs-loginpage-xss(38862)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38862"
            },
            {
              "name": "20071205 Advisory: Cross Site Scripting in CiscoWorks",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/484609/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-15T21:45Z",
      "publishedDate": "2007-12-15T01:46Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-5582 (GCVE-0-2007-5582)

VAR-200712-0411

FKIE_CVE-2007-5582

CERTA-2007-AVI-530

Description

Solution

CERTA-2007-AVI-530

Description

Solution

GHSA-PG33-RR7H-35V7

GSD-2007-5582

Tags

Sightings

Nomenclature