Vulnerabilities > CVE-2007-2739 - Unspecified vulnerability in Xajax
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1692.NASL |
description | It was discovered that php-xajax, a library to develop Ajax applications, did not sufficiently sanitise URLs, which allows attackers to perform cross-site scripting attacks by using malicious URLs. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35275 |
published | 2008-12-29 |
reporter | This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/35275 |
title | Debian DSA-1692-1 : php-xajax - insufficient input sanitising |
code |
|
References
- http://osvdb.org/36174
- http://secunia.com/advisories/25299
- http://secunia.com/advisories/33265
- http://sourceforge.net/project/shownotes.php?release_id=508650
- http://www.debian.org/security/2008/dsa-1692
- http://www.vupen.com/english/advisories/2007/1841
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34323