Vulnerability Details CVE-2007-0407
Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain Black WebGUI before 7.3.5 (beta) allows remote attackers to inject arbitrary web script or HTML via the username parameter during anonymous registration, a different vector than CVE-2007-0308. NOTE: it is possible that a separate "WikiPage titles" issue was also fixed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.5%
CVSS Severity
CVSS v2 Score 6.8
References
- http://osvdb.org/32928
- http://secunia.com/advisories/23754
- http://www.plainblack.com/bugs/tracker/security-update-cross-site-scripting-vulnerability
- http://www.plainblack.com/downloads/builds/7.3.5-beta/WebGUI/docs/changelog/7.x.x.txt
- http://www.securityfocus.com/bid/22114
- http://www.vupen.com/english/advisories/2007/0242
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31573
- http://osvdb.org/32928
- http://secunia.com/advisories/23754
- http://www.plainblack.com/bugs/tracker/security-update-cross-site-scripting-vulnerability
- http://www.plainblack.com/downloads/builds/7.3.5-beta/WebGUI/docs/changelog/7.x.x.txt
- http://www.securityfocus.com/bid/22114
- http://www.vupen.com/english/advisories/2007/0242
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31573
Products affected by CVE-2007-0407
-
cpe:2.3:a:plain_black:webgui:6.3.0
-
cpe:2.3:a:plain_black:webgui:6.4.0
-
cpe:2.3:a:plain_black:webgui:6.5.0
-
cpe:2.3:a:plain_black:webgui:6.5.1
-
cpe:2.3:a:plain_black:webgui:6.5.2
-
cpe:2.3:a:plain_black:webgui:6.5.3
-
cpe:2.3:a:plain_black:webgui:6.5.4
-
cpe:2.3:a:plain_black:webgui:6.5.5
-
cpe:2.3:a:plain_black:webgui:6.5.6
-
cpe:2.3:a:plain_black:webgui:6.6.0
-
cpe:2.3:a:plain_black:webgui:6.6.1
-
cpe:2.3:a:plain_black:webgui:6.6.2
-
cpe:2.3:a:plain_black:webgui:6.6.3
-
cpe:2.3:a:plain_black:webgui:6.6.4
-
cpe:2.3:a:plain_black:webgui:6.6.5
-
cpe:2.3:a:plain_black:webgui:6.7.0
-
cpe:2.3:a:plain_black:webgui:6.7.1
-
cpe:2.3:a:plain_black:webgui:6.7.2
-
cpe:2.3:a:plain_black:webgui:6.7.3
-
cpe:2.3:a:plain_black:webgui:6.7.4
-
cpe:2.3:a:plain_black:webgui:6.7.5
-
cpe:2.3:a:plain_black:webgui:6.7.6
-
cpe:2.3:a:plain_black:webgui:6.8.1
-
cpe:2.3:a:plain_black:webgui:6.8.2
-
cpe:2.3:a:plain_black:webgui:6.8.3
-
cpe:2.3:a:plain_black:webgui:6.8.4
-
cpe:2.3:a:plain_black:webgui:6.8.5
-
cpe:2.3:a:plain_black:webgui:6.8.6
-
cpe:2.3:a:plain_black:webgui:7.2.3
-
cpe:2.3:a:plain_black:webgui:7.3.4_beta