NVD

Id
54598  
Name
CVE-2007-2431  
Description
Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by injecting web script via the _SERVER[SCRIPT_NAME] parameter.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2007-05-01  
Modified Date
2008-09-05  
Seq
2007-2431  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
276879 54598 CVE-2007-2431 http://sourceforge.net/forum/forum.php?forum_id=690912  View
276880 54598 CVE-2007-2431 20070501 TCExam - "XSS" is dynamic variable evaluation; vendor patch  View
276881 54598 CVE-2007-2431 3816  View
276882 54598 CVE-2007-2431 23704  View
276883 54598 CVE-2007-2431 tcexam-server-xss(33957)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
56804 JVNDB-2007-005496 TCExam の shared/config/tce_config.php におけるクロスサイトスクリプティング攻撃 (XSS) を実行される脆弱性 TCExam の shared/config/tce_config.php には、クロスサイトスクリプティング攻撃 (XSS)、およびその他の攻撃を実行される脆弱性が存在します。 CVE-2007-2431 25786 CVE-2007-2431 54598 6.8 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-005496.html 2007-05-01 2012-12-20 View