{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-12-06T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page in the online meeting center template in IBM Lotus Sametime before 8.0 allows remote attackers to inject arbitrary web script or HTML via the URI."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "sametime-webrunmenuframe-xss(38891)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38891"}, {"name": "26734", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26734"}, {"name": "39258", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/39258"}, {"name": "ADV-2007-4104", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/4104"}, {"name": "27941", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27941"}, {"name": "1019053", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019053"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-1.ibm.com/support/docview.wss?uid=sim5079c9d76e4fcf910852573a800495249"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6295", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page in the online meeting center template in IBM Lotus Sametime before 8.0 allows remote attackers to inject arbitrary web script or HTML via the URI."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "sametime-webrunmenuframe-xss(38891)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38891"}, {"name": "26734", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26734"}, {"name": "39258", "refsource": "OSVDB", "url": "http://osvdb.org/39258"}, {"name": "ADV-2007-4104", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/4104"}, {"name": "27941", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27941"}, {"name": "1019053", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019053"}, {"name": "http://www-1.ibm.com/support/docview.wss?uid=sim5079c9d76e4fcf910852573a800495249", "refsource": "CONFIRM", "url": "http://www-1.ibm.com/support/docview.wss?uid=sim5079c9d76e4fcf910852573a800495249"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6295", "datePublished": "2007-12-10T18:00:00", "dateReserved": "2007-12-10T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:lotus_sametime:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E112082-D680-4926-B6A5-290C6E0041BB", "versionEndIncluding": "8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page in the online meeting center template in IBM Lotus Sametime before 8.0 allows remote attackers to inject arbitrary web script or HTML via the URI."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la p\u00e1gina WebRunMenuFrame en la plantilla de centro de encuentros de IBM Lotus Sametime versiones anteriores a 8.0 permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n mediante el URI."}], "id": "CVE-2007-6295", "lastModified": "2017-08-08T01:29:04.430", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-12-10T18:46:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/39258"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27941"}, {"source": "cve@mitre.org", "url": "http://www-1.ibm.com/support/docview.wss?uid=sim5079c9d76e4fcf910852573a800495249"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26734"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019053"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/4104"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38891"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}