Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

Log in Get Assessment

Vulnerability IntelligenceCVE-2007-3555

CVE-2007-3555

UNKNOWN

Cross-site scripting (XSS) vulnerability in index

Published Jul 4, 2007

Modified 1 years ago

Details

Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424.

References

ADVISORY

http://secunia.com/advisories/25929

ADVISORY

http://securityreason.com/securityalert/2857

WEB

http://securityvulns.ru/Rdocument391.html

WEB

http://tracker.moodle.org/browse/MDL-10341

WEB

http://tracker.moodle.org/secure/IssueNavigator.jspa?mode=hide&requestId=10252

WEB

http://websecurity.com.ua/1045/

ADVISORY

http://www.debian.org/security/2008/dsa-1691

WEB

http://www.osvdb.org/36366

WEB

http://www.securityfocus.com/archive/1/472727/100/0/threaded

WEB

http://www.securityfocus.com/bid/24748

WEB

http://www.securitytracker.com/id?1018333

WEB

https://exchange.xforce.ibmcloud.com/vulnerabilities/35239

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2007-3555

CVSS Analysis

CVSS v2.0

4.3

Exploitability

Access Vector

NetworkAV:N

Access Complexity

MediumAC:M

Authentication

NoneAu:N

Impact

Confidentiality

NoneC:N

Integrity

PartialI:P

Availability

NoneA:N

4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N

Ecosystems

Timeline

PublishedJul 4, 2007

ModifiedAug 7, 2024

CVE-2007-3555 | Mondoo Vulnerability Intelligence