Vulnerability Description
Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows remote attackers to inject arbitrary web script or HTML in certain circumstances involving (1) lack of charset specification within a META element or (2) a META element that specifies an unrecognized charset, which trigger automatic character set recognition by the web browser, as demonstrated by improper handling of UTF-7 data.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| The Seasar Foundation | Mayaa | <= 1.1.11 |
Related Weaknesses (CWE)
References
- http://jvn.jp/jp/JVN%2338199598/index.html
- http://mayaa.seasar.org/news/vulnerability20070816.html
- http://osvdb.org/36655
- http://secunia.com/advisories/26597 (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/25443
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36269
FAQ
What is CVE-2007-4595?
CVE-2007-4595 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows remote attackers to inject arbitrary web script or HTML in certain circumstances involving (1) lack of charset specification with...
How severe is CVE-2007-4595?
CVE-2007-4595 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-4595?
Check the references section above for vendor advisories and patch information. Affected products include: The Seasar Foundation Mayaa.