CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-1848

Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php in Drake CMS allows remote attackers to inject arbitrary web script or HTML via the desc[][title] field. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 51.6%

CVSS Severity

CVSS v2 Score 4.3

References

http://securityreason.com/securityalert/2522
http://www.securityfocus.com/archive/1/464272/100/0/threaded
http://www.securityfocus.com/bid/23216
https://exchange.xforce.ibmcloud.com/vulnerabilities/33332
http://securityreason.com/securityalert/2522
http://www.securityfocus.com/archive/1/464272/100/0/threaded
http://www.securityfocus.com/bid/23216
https://exchange.xforce.ibmcloud.com/vulnerabilities/33332

Products affected by CVE-2007-1848

Drake Team » Drake Cms » Version: 0.3.7

cpe:2.3:a:drake_team:drake_cms:0.3.7
Drake Team » Drake Cms » Version: 0.3.7_beta

cpe:2.3:a:drake_team:drake_cms:0.3.7_beta

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-1848

Products

Pricing

Contact Us