Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| University Of Minnesota | Mapserver | <= 4.10.3 |
Related Weaknesses (CWE)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439346
- http://mapserver.gis.umn.edu/download/current/HISTORY.TXT/
- http://secunia.com/advisories/26561PatchVendor Advisory
- http://secunia.com/advisories/26718
- http://secunia.com/advisories/29688
- http://trac.osgeo.org/mapserver/attachment/ticket/2256/ms-bug-2256-4.8.patch
- http://trac.osgeo.org/mapserver/ticket/2256
- http://www.debian.org/security/2008/dsa-1539
- http://www.securityfocus.com/bid/25582
- http://www.vupen.com/english/advisories/2007/2974
- https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00096.
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439346
- http://mapserver.gis.umn.edu/download/current/HISTORY.TXT/
- http://secunia.com/advisories/26561PatchVendor Advisory
- http://secunia.com/advisories/26718
FAQ
What is CVE-2007-4542?
CVE-2007-4542 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine funct...
How severe is CVE-2007-4542?
CVE-2007-4542 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4542?
Check the references section above for vendor advisories and patch information. Affected products include: University Of Minnesota Mapserver.