NVD

Id
57468  
Name
CVE-2007-5403  
Description
Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox 3.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Forename, (2) Surname, (3) Telephone, and (4) Fax fields to writeenduserenduser.asp; the (5) Filter field to statsrequestypereport.asp; and the (6) sys_request_id parameter to requestattach.asp; and allow remote authenticated users to inject arbitrary web script or HTML via the (7) Asset, (8) Location, and (9) Problem fields to editrequestenduser.asp; the (10) Asset, (11) Asset Location, (12) Problem Desc, and (13) Solution Desc fields to editrequestuser.asp; and the (14) End User and (15) Description fields to usersearchrequests.asp. NOTE: vectors 5 and 6 do not require authentication to exploit.  
Reject
 
CVSS Version
2  
CVSS Score
3.5  
Severity
Low  
CVSS Base Score
3.5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
6.8  
CVSS Vector
(AV:N/AC:M/Au:S/C:N/I:P/A:N)  
Pub Date
2017-01-07  
Published
2008-01-09  
Modified Date
2008-09-05  
Seq
2007-5403  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
294026 57468 CVE-2007-5403 27187  View
294027 57468 CVE-2007-5403 helpbox-requestattach-xss(39537)  View
294028 57468 CVE-2007-5403 helpbox-editrequestenduser-xss(39540)  View
294029 57468 CVE-2007-5403 helpbox-writeenduserenduser-xss(39541)  View
294030 57468 CVE-2007-5403 helpbox-statsrequestypereport-xss(39542)  View
294031 57468 CVE-2007-5403 helpbox-usersearchrequests-xss(39543)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
48538 JVNDB-2008-003848 Layton HelpBox におけるクロスサイトスクリプティングの脆弱性 Layton HelpBox には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2007-5403 28758 CVE-2007-5403 57468 3.5 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-003848.html 2008-01-09 2012-09-25 View