CyberSec.Space Logo
CVEブラウザに戻る

CVE-2007-5477

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.1280%
EPSS Percentile43.46th
Published2007年10月16日
Last Modified2026年4月23日

Vulnerability Description

Cross-site scripting (XSS) vulnerability in auth.w in djeyl.net WebMod 0.48 Half-Life Dedicated Server plugin allows remote attackers to inject arbitrary web script or HTML via the redir parameter.

Affected Platforms (CPE)

📦
Valve Software

Half Life Dedicated Server

All versions
📦
Valve Software

Webmod Plugin

= 0.48

References & Advisories

🔗 http://osvdb.org/37833
🔗 http://secunia.com/advisories/27245
🔗 http://sla.ckers.org/forum/read.php?3%2C44%2C11482#msg-11482
🔗 http://www.attrition.org/pipermail/vim/2007-October/001833.html
🔗 http://www.securityfocus.com/bid/26087
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/37220
🔗 http://osvdb.org/37833
🔗 http://secunia.com/advisories/27245

関連する脆弱性情報

CVE-2000-096810.0

Buffer overflow in Half Life dedicated server before build 3104 allows remote attackers to execute arbitrary commands via a long r...

CVE-2000-096910.0

Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary comm...

CVE-2003-13255.2

The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.1.1.0 and earlier allows remote auth...

CVE-2006-07344.0

The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.6 and earlier allows remote authenti...