CVE-2007-3708

{"id": "CVE-2007-3708", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-07-11T23:30:00.000", "references": [{"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064500.html", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/37907", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25991", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/2877", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/473190/100/0/threaded", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35350", "source": "cve@mitre.org"}, {"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064500.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/37907", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/25991", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/2877", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/473190/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35350", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before 20070626 allows remote attackers to inject arbitrary web script or HTML via (1) String.fromCharCode and (2) malformed nested tag manipulations in an unspecified component, related to insufficient sanitization by the xss_clean function."}, {"lang": "es", "value": "Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en CodeIgniter 1.5.3 anterior a 20070626 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) String.fromCharCode y (2) manipulaciones de etiquetas anidadas malformadas en un componente no especificado, relacionado con un insuficiente limpieza por parte de la funci\u00f3n xss_clean."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:codeigniter:codeigniter:1.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7854CAB9-06E9-42AD-AD02-2D7717455D88"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}