{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-03-01T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in built2go News Manager Blog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) uid, and (3) nid parameters to (a) news.php, and the nid parameter to (b) rating.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "24334", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24334"}, {"name": "22783", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22783"}, {"name": "newsmanagerblog-news-rating-xss(32772)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32772"}, {"name": "2343", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2343"}, {"name": "20070301 Built2Go v.1.0 => ( news.php & rating.php ) Cross Site Scripting", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/461672/100/0/threaded"}, {"name": "ADV-2007-0818", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0818"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1248", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in built2go News Manager Blog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) uid, and (3) nid parameters to (a) news.php, and the nid parameter to (b) rating.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "24334", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24334"}, {"name": "22783", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22783"}, {"name": "newsmanagerblog-news-rating-xss(32772)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32772"}, {"name": "2343", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2343"}, {"name": "20070301 Built2Go v.1.0 => ( news.php & rating.php ) Cross Site Scripting", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/461672/100/0/threaded"}, {"name": "ADV-2007-0818", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0818"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1248", "datePublished": "2007-03-03T20:00:00", "dateReserved": "2007-03-03T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:built2go:news_manager_blog:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D085B9C-83F3-481F-8F4E-327A08A9537C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in built2go News Manager Blog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) uid, and (3) nid parameters to (a) news.php, and the nid parameter to (b) rating.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en built2go News Manager Blog 1.0 permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro (1) cid, (2) uid, y (3) nid en (a) news.php, y el par\u00e1metro nid en (b) rating.php."}], "id": "CVE-2007-1248", "lastModified": "2018-10-16T16:37:36.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-03-03T20:19:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24334"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2343"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/461672/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/22783"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0818"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32772"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}