Vulnerabilities > CVE-2007-3693 - Cross-Site Scripting vulnerability in Helma Search Script

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
gobi-and-helma
exploit available
NVD
Published: 2007-07-11
Updated: 2008-09-05

Summary

Cross-site scripting (XSS) vulnerability in Gobi as of 20070711, built on Helma, allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search function.

Vulnerable Configurations

Part Description Count
Application
Gobi_And_Helma
1

Exploit-Db

descriptionHelma 1.5.3 Search Script Cross-Site Scripting Vulnerability. CVE-2007-3693. Webapps exploit for php platform
idEDB-ID:30293
last seen2016-02-03
modified2007-07-12
published2007-07-12
reporterHanno Boeck
sourcehttps://www.exploit-db.com/download/30293/
titleHelma 1.5.3 - Search Script Cross-Site Scripting Vulnerability

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/57701/CVE-2007-3693-gobi.txt
idPACKETSTORM:57701
last seen2016-12-05
published2007-07-13
reporterHanno Boeck
sourcehttps://packetstormsecurity.com/files/57701/CVE-2007-3693-gobi.txt.html
titleCVE-2007-3693-gobi.txt

References