CVE-2007-6307

Опубликовано: 11 дек. 2007

Источник: nvd

CVSS2: 4.3

EPSS Средний

Описание

Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header.

Ссылки

http://secunia.com/advisories/28002
Vendor Advisory
http://securityreason.com/securityalert/3431
http://www.securityfocus.com/archive/1/484727/100/0/threaded
http://www.securityfocus.com/bid/26759
Exploit
Patch
http://www.timeprog.com/wwwstats/
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/38925
http://secunia.com/advisories/28002
Vendor Advisory
http://securityreason.com/securityalert/3431
http://www.securityfocus.com/archive/1/484727/100/0/threaded
http://www.securityfocus.com/bid/26759
Exploit
Patch
http://www.timeprog.com/wwwstats/
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/38925

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:jfree:jfreechart:1.0.8:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.1133

Средний

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-7h4g-rrxq-xf2c

github

почти 4 года назад