CVE-2007-0807 - OpenCVE

Cross-site scripting (XSS) vulnerability in info.php in flashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via a channel title (aka room name) that is not properly handled by the "who's online" feature.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Darrens 5-dollar Script Archive	Flashchat

Configuration 1 [-]

cpe:2.3:a:darrens_5-dollar_script_archive:flashchat:4.7.8:*:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/24071
http://securityreason.com/securityalert/2228
http://www.securityfocus.com/archive/1/459160/100/0/threaded
http://www.securityfocus.com/bid/22411
http://www.vupen.com/english/advisories/2007/0495
https://exchange.xforce.ibmcloud.com/vulnerabilities/32208

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-02-07T11:00:00

Updated: 2018-10-16T14:57:01

Reserved: 2007-02-07T00:00:00

Link: CVE-2007-0807

JSON object: View

NVD Information

Status : Modified

Published: 2007-02-07T11:28:00.000

Modified: 2018-10-16T16:34:51.107

Link: CVE-2007-0807

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-02-05T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in info.php in flashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via a channel title (aka room name) that is not properly handled by the \"who's online\" feature."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "22411", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22411"}, {"name": "20070205 flashChat 4.7.8 Cross Site Scripting Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/459160/100/0/threaded"}, {"name": "ADV-2007-0495", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0495"}, {"name": "2228", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2228"}, {"name": "24071", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24071"}, {"name": "flashchat-info-xss(32208)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32208"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0807", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in info.php in flashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via a channel title (aka room name) that is not properly handled by the \"who's online\" feature."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "22411", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22411"}, {"name": "20070205 flashChat 4.7.8 Cross Site Scripting Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/459160/100/0/threaded"}, {"name": "ADV-2007-0495", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0495"}, {"name": "2228", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2228"}, {"name": "24071", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24071"}, {"name": "flashchat-info-xss(32208)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32208"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0807", "datePublished": "2007-02-07T11:00:00", "dateReserved": "2007-02-07T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:darrens_5-dollar_script_archive:flashchat:4.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "52B9592A-B9EE-40D4-AF19-41A0D51C5315", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in info.php in flashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via a channel title (aka room name) that is not properly handled by the \"who's online\" feature."}, {"lang": "es", "value": "Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el archivo info.php en flashChat versi\u00f3n 4.7.8 permite a los atacantes remotos inyectar script web o HTML arbitrario por medio de un t\u00edtulo Channel (tambi\u00e9n se conoce como nombre room) que se maneja de manera inapropiada con la funci\u00f3n \"who's online\"."}], "id": "CVE-2007-0807", "lastModified": "2018-10-16T16:34:51.107", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-02-07T11:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24071"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2228"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/459160/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22411"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0495"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32208"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}