Vulnerabilities > CVE-2007-3485 - Cross-Site Scripting vulnerability in Yandex.Server
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE network
yandex
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Yandex.Server allow remote attackers to inject arbitrary web script or HTML via the (1) query or (2) within parameter to the default URI.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/112945/yandex-xss.txt |
id | PACKETSTORM:112945 |
last seen | 2016-12-05 |
published | 2012-05-22 |
reporter | MustLive |
source | https://packetstormsecurity.com/files/112945/Yandex.Server-2010-9.0-Enterprise-Cross-Site-Scripting.html |
title | Yandex.Server 2010 9.0 Enterprise Cross Site Scripting |