CVE-2007-4434

Cross-site scripting (XSS) vulnerability in textfilesearch.asp in the Text File Search ASP (Classic) edition allows remote attackers to inject arbitrary web script or HTML via the query parameter.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://osvdb.org/37733
http://securityreason.com/securityalert/3046
http://www.packetstormsecurity.org/0708-exploits/tfsc-xss.txt
http://www.securityfocus.com/bid/25350	Exploit
http://osvdb.org/37733
http://securityreason.com/securityalert/3046
http://www.packetstormsecurity.org/0708-exploits/tfsc-xss.txt
http://www.securityfocus.com/bid/25350	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:aspindir:text_file_search:0:*:classic:*:*:*:*:*

History

21 Nov 2024, 00:35

Type	Values Removed	Values Added
References	~~() http://osvdb.org/37733 -~~	() http://osvdb.org/37733 -
References	~~() http://securityreason.com/securityalert/3046 -~~	() http://securityreason.com/securityalert/3046 -
References	~~() http://www.packetstormsecurity.org/0708-exploits/tfsc-xss.txt -~~	() http://www.packetstormsecurity.org/0708-exploits/tfsc-xss.txt -
References	~~() http://www.securityfocus.com/bid/25350 - Exploit~~	() http://www.securityfocus.com/bid/25350 - Exploit

Information

Published : 2007-08-20 19:17

Updated : 2025-04-09 00:30

NVD link : CVE-2007-4434

Mitre link : CVE-2007-4434

CVE.ORG link : CVE-2007-4434

JSON object : View

Products Affected

aspindir

text_file_search

CWE

NVD-CWE-Other

{"id": "CVE-2007-4434", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-08-20T19:17:00.000", "references": [{"url": "http://osvdb.org/37733", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/3046", "source": "cve@mitre.org"}, {"url": "http://www.packetstormsecurity.org/0708-exploits/tfsc-xss.txt", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25350", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/37733", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/3046", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.packetstormsecurity.org/0708-exploits/tfsc-xss.txt", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/25350", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in textfilesearch.asp in the Text File Search ASP (Classic) edition allows remote attackers to inject arbitrary web script or HTML via the query parameter."}, {"lang": "es", "value": "Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en textfilesearch.asp en la edici\u00f3n Text File Search ASP (Classic) permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro query."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aspindir:text_file_search:0:*:classic:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87F4AFC1-C68C-4F3A-8FAA-523B946A4C30"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}