CVE-2007-0852 — MEDIUM (6.8)

Vulnerability Description

Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote attackers to inject arbitrary web script or HTML via the "Keyword search" form field and unspecified other form fields that populate a public saved query. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Techexcel Inc.	Devtrack	6.0.3

References

http://osvdb.org/33122
http://secunia.com/advisories/23217Vendor Advisory
http://www.securityfocus.com/bid/22460
http://osvdb.org/33122
http://secunia.com/advisories/23217Vendor Advisory
http://www.securityfocus.com/bid/22460

FAQ

What is CVE-2007-0852?

CVE-2007-0852 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote attackers to inject arbitrary web script or HTML via the "Keyword search" form field and unspecified other form fields that popul...

How severe is CVE-2007-0852?

CVE-2007-0852 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-0852?

Check the references section above for vendor advisories and patch information. Affected products include: Techexcel Inc. Devtrack.