Vulnerability Details : CVE-2007-4239
Cross-site scripting (XSS) vulnerability in user/forgotPassStep2.jsp in the admin interface in C-SAM oneWallet 210_07062007;1.0 allows remote attackers to inject arbitrary web script or HTML via the loginID parameter.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2007-4239
- cpe:2.3:a:c-sam:onewallet:210_07062007_1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-4239
0.29%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 69 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-4239
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
Vendor statements for CVE-2007-4239
-
C-SAM 2007-08-09The version on which this vulnerability has been detected is a pre-release (non-commercial) version of the OneWallet platform. The current version of the product does not have the vulnerability in question (namely, XSS TYPE 1). C-SAM takes utmost care in ensuring the security of its products and will proactively release patches from time to time to address such issues.
References for CVE-2007-4239
Jump to