Vulnerability Details : CVE-2007-2781
Cross-site scripting (XSS) vulnerability in include/sessionRegister.php in WikyBlog before 1.4.13 allows remote attackers to inject arbitrary web script or HTML, probably via vectors related to a certain data2 array element.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2007-2781
- cpe:2.3:a:wikyblog:wikyblog:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-2781
2.95%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 91 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-2781
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
References for CVE-2007-2781
-
http://wikyblog.svn.sourceforge.net/viewvc/wikyblog/trunk/include/sessionRegister.php?view=log
-
http://sourceforge.net/project/shownotes.php?release_id=509254
-
http://wikyblog.svn.sourceforge.net/viewvc/wikyblog/trunk/include/sessionRegister.php?r1=127&r2=133
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/34373
Jump to