Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in VisionProject 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) projectIssueId parameter in EditProjectIssue.do, the (2) projectId parameter in ProjectSelected.do, the (3) folderId parameter in ProjectDocuments.do and the (4) sortField parameter in ProjectIssues.do.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Visionera Ab | Visionproject | <= 3.1 |
References
- http://osvdb.org/36433
- http://osvdb.org/36434
- http://osvdb.org/36435
- http://osvdb.org/36436
- http://pridels-team.blogspot.com/2007/08/visionproject-multiple-xss-vuln.html
- http://secunia.com/advisories/26346Vendor Advisory
- http://www.securityfocus.com/bid/25218Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35825
- http://osvdb.org/36433
- http://osvdb.org/36434
- http://osvdb.org/36435
- http://osvdb.org/36436
- http://pridels-team.blogspot.com/2007/08/visionproject-multiple-xss-vuln.html
- http://secunia.com/advisories/26346Vendor Advisory
- http://www.securityfocus.com/bid/25218Exploit
FAQ
What is CVE-2007-4265?
CVE-2007-4265 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in VisionProject 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) projectIssueId parameter in EditProjectIs...
How severe is CVE-2007-4265?
CVE-2007-4265 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4265?
Check the references section above for vendor advisories and patch information. Affected products include: Visionera Ab Visionproject.