Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL allow remote attackers to inject arbitrary web script or HTML via several vectors, as demonstrated by the (1) uname and (2) pass parameters in a login form, and (3) an unspecified "url value," leading to storage of XSS sequences in the database and display of these sequences in the alert section of the admin panel.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Greensql | Greensql | 0.2.2 |
Related Weaknesses (CWE)
References
- http://www.greensql.net/security
- http://www.osvdb.org/38165
- http://www.osvdb.org/38166
- http://www.securityfocus.com/archive/1/480278/100/0/threaded
- http://www.securityfocus.com/bid/25767
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36749
- http://www.greensql.net/security
- http://www.osvdb.org/38165
- http://www.osvdb.org/38166
- http://www.securityfocus.com/archive/1/480278/100/0/threaded
- http://www.securityfocus.com/bid/25767
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36749
FAQ
What is CVE-2007-5059?
CVE-2007-5059 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL allow remote attackers to inject arbitrary web script or HTML via several vectors, as demonstrated by the (1) uname and (2) pass paramet...
How severe is CVE-2007-5059?
CVE-2007-5059 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5059?
Check the references section above for vendor advisories and patch information. Affected products include: Greensql Greensql.