CVE-2007-3352

Опубликовано: 22 июн. 2007

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the preview form in Stephen Ostermiller Contact Form before 2.00.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that contain an apostrophe.

Ссылки

http://bugzilla.ostermiller.com/show_bug.cgi?id=151
Patch
http://ostermiller.org/contactform/
http://osvdb.org/36372
http://secunia.com/advisories/25812
http://www.attrition.org/pipermail/vim/2007-June/001669.html
http://www.securityfocus.com/bid/24559
http://www.vupen.com/english/advisories/2007/2333
https://exchange.xforce.ibmcloud.com/vulnerabilities/34962
http://bugzilla.ostermiller.com/show_bug.cgi?id=151
Patch
http://ostermiller.org/contactform/
http://osvdb.org/36372
http://secunia.com/advisories/25812
http://www.attrition.org/pipermail/vim/2007-June/001669.html
http://www.securityfocus.com/bid/24559
http://www.vupen.com/english/advisories/2007/2333
https://exchange.xforce.ibmcloud.com/vulnerabilities/34962

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:stephen_ostermiller:contact_form:2.00.02:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00537

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-534q-9f5r-pv5m

github

почти 4 года назад