CyberSec.Space Logo
Back to CVE Browser

CVE-2007-3299

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.0080%
EPSS Percentile14.09th
PublishedJun 20, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when AllSearchStr (aka the All Search Terms report) is enabled, allows remote attackers to inject arbitrary web script or HTML via a search string.

Affected Platforms (CPE)

πŸ“¦
Awffull

Awffull

<= 3.7.1

References & Advisories

πŸ”— http://osvdb.org/37478
πŸ”— http://secunia.com/advisories/25776
πŸ”— http://www.securityfocus.com/bid/24587
πŸ”— http://www.stedee.id.au/awffull/changes
πŸ”— http://www.stedee.id.au/flyspray/task/10
πŸ”— http://www.stedee.id.au/pipermail/awffull/2007-May/000363.html
πŸ”— http://www.stedee.id.au/pipermail/awffull/2007-May/000364.html
πŸ”— http://www.stedee.id.au/pipermail/awffull/2007-May/000365.html

Related Vulnerabilities

CVE-2007-051010.0

Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) preserve.c in AWFFull 3.7.1 and earlier have unknown impact and a...

CVE-2007-049610.0

PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to ex...

CVE-2007-158710.0

templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows remote attackers to execute arbitrary programs by specifying the...

CVE-2007-182310.0

T-Mobile voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling N...