CVE-2007-3299

MEDIUM

4.3

CVSS Severity Score

EPSS Score0.0080%

EPSS Percentile14.09th

Published2007年6月20日

Last Modified2026年4月23日

Vulnerability Description

Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when AllSearchStr (aka the All Search Terms report) is enabled, allows remote attackers to inject arbitrary web script or HTML via a search string.

Affected Platforms (CPE)

📦

Awffull

<= 3.7.1

References & Advisories

🔗 http://osvdb.org/37478

🔗 http://secunia.com/advisories/25776

🔗 http://www.securityfocus.com/bid/24587

🔗 http://www.stedee.id.au/awffull/changes

🔗 http://www.stedee.id.au/flyspray/task/10

🔗 http://www.stedee.id.au/pipermail/awffull/2007-May/000363.html

🔗 http://www.stedee.id.au/pipermail/awffull/2007-May/000364.html

🔗 http://www.stedee.id.au/pipermail/awffull/2007-May/000365.html

Vulnerability Description

Affected Platforms (CPE)

Awffull

References & Advisories

関連する脆弱性情報