Vulnerability Details CVE-2007-3396
Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus (KF) web server 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the opsubmenu parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.092
EPSS Ranking 92.4%
CVSS Severity
CVSS v2 Score 4.3
References
- http://osvdb.org/36331
- http://secunia.com/advisories/25828
- http://securityreason.com/securityalert/2840
- http://www.keyfocus.net/kfws/support/index.php
- http://www.securityfocus.com/archive/1/472195/100/0/threaded
- http://www.securityfocus.com/archive/1/472273/100/0/threaded
- http://www.securityfocus.com/bid/24623
- http://www.vupen.com/english/advisories/2007/2331
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35042
- http://osvdb.org/36331
- http://secunia.com/advisories/25828
- http://securityreason.com/securityalert/2840
- http://www.keyfocus.net/kfws/support/index.php
- http://www.securityfocus.com/archive/1/472195/100/0/threaded
- http://www.securityfocus.com/archive/1/472273/100/0/threaded
- http://www.securityfocus.com/bid/24623
- http://www.vupen.com/english/advisories/2007/2331
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35042
Products affected by CVE-2007-3396
-
cpe:2.3:a:key_focus:kf_web_server:3.1.0