CyberSec.Space Logo
Back to CVE Browser

CVE-2007-5477

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.1280%
EPSS Percentile43.46th
PublishedOct 16, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Cross-site scripting (XSS) vulnerability in auth.w in djeyl.net WebMod 0.48 Half-Life Dedicated Server plugin allows remote attackers to inject arbitrary web script or HTML via the redir parameter.

Affected Platforms (CPE)

πŸ“¦
Valve Software

Half Life Dedicated Server

All versions
πŸ“¦
Valve Software

Webmod Plugin

= 0.48

References & Advisories

πŸ”— http://osvdb.org/37833
πŸ”— http://secunia.com/advisories/27245
πŸ”— http://sla.ckers.org/forum/read.php?3%2C44%2C11482#msg-11482
πŸ”— http://www.attrition.org/pipermail/vim/2007-October/001833.html
πŸ”— http://www.securityfocus.com/bid/26087
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/37220
πŸ”— http://osvdb.org/37833
πŸ”— http://secunia.com/advisories/27245

Related Vulnerabilities

CVE-2000-096810.0

Buffer overflow in Half Life dedicated server before build 3104 allows remote attackers to execute arbitrary commands via a long r...

CVE-2000-096910.0

Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary comm...

CVE-2003-13255.2

The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.1.1.0 and earlier allows remote auth...

CVE-2006-07344.0

The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.6 and earlier allows remote authenti...