Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox 3.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Forename, (2) Surname, (3) Telephone, and (4) Fax fields to writeenduserenduser.asp; the (5) Filter field to statsrequestypereport.asp; and the (6) sys_request_id parameter to requestattach.asp; and allow remote authenticated users to inject arbitrary web script or HTML via the (7) Asset, (8) Location, and (9) Problem fields to editrequestenduser.asp; the (10) Asset, (11) Asset Location, (12) Problem Desc, and (13) Solution Desc fields to editrequestuser.asp; and the (14) End User and (15) Description fields to usersearchrequests.asp. NOTE: vectors 5 and 6 do not require authentication to exploit.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Layton Technology | Helpbox | 3.7.1 |
References
- http://secunia.com/advisories/27699 (Vendor Advisory)
- http://secunia.com/secunia_research/2007-94/advisory/ (Vendor Advisory)
- http://www.securityfocus.com/bid/27187
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39537
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39540
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39541
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39542
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39543
FAQ
What is CVE-2007-5403?
CVE-2007-5403 is a vulnerability with a CVSS score of 3.5 (LOW). Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox 3.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Forename, (2) Surname, (3) Telephone, an...
How severe is CVE-2007-5403?
CVE-2007-5403 has been rated LOW, with a CVSS base score of 3.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-5403?
Check the references section above for vendor advisories and patch information. Affected products include: Layton Technology Helpbox.