Vulnerability Details : CVE-2007-4239
Cross-site scripting (XSS) vulnerability in user/forgotPassStep2.jsp in the admin interface in C-SAM oneWallet 210_07062007;1.0 allows remote attackers to inject arbitrary web script or HTML via the loginID parameter.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2007-4239
Probability of exploitation activity in the next 30 days: 0.27%
Percentile, the proportion of vulnerabilities that are scored at or less: ~66%
CVSS scores for CVE-2007-4239
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST |
Vendor statements for CVE-2007-4239
- C-SAM, 2007-08-09: The version on which this vulnerability has been detected is a pre-release (non-commercial) version of the OneWallet platform. The current version of the product does not have the vulnerability in question (namely, XSS TYPE 1). C-SAM takes utmost care in ensuring the security of its products and will proactively release patches from time to time to address such issues.
- cpe:2.3:a:c-sam:onewallet:210_07062007_1.0:*:*:*:*:*:*:*