CVE-2007-2592 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nokia	Groupwise Mobile Server Intellisync Mobile Suite Intellisync Wireless Email Express

Configuration 1 [-]

OR	cpe:2.3:a:nokia:groupwise_mobile_server::::::::
	cpe:2.3:a:nokia:intellisync_mobile_suite:6.4.31.2:::::::*
	cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.0.107:::::::*
	cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.2.2:::::::*
	cpe:2.3:a:nokia:intellisync_wireless_email_express::::::::

No data.

References

Link	Providers
http://osvdb.org/34515
http://osvdb.org/34516
http://osvdb.org/34517
http://secunia.com/advisories/25212
http://secunia.com/advisories/26199
http://securityreason.com/securityalert/2689
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html
http://www.sec-consult.com/289.html
http://www.securityfocus.com/archive/1/468048/100/0/threaded
http://www.securityfocus.com/bid/23889
http://www.securitytracker.com/id?1018454
http://www.vupen.com/english/advisories/2007/1727
http://www.vupen.com/english/advisories/2007/2657
https://exchange.xforce.ibmcloud.com/vulnerabilities/34187

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-05-11T03:55:00

Updated: 2024-08-07T13:42:33.445Z

Reserved: 2007-05-10T00:00:00

Link: CVE-2007-2592

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-05-11T04:20:00.000

Modified: 2018-10-16T16:44:41.103

Link: CVE-2007-2592

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-05-09T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.sec-consult.com/289.html"}, {"name": "34517", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/34517"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html"}, {"name": "ADV-2007-1727", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1727"}, {"name": "26199", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26199"}, {"name": "34516", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/34516"}, {"name": "34515", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/34515"}, {"name": "20070509 SEC Consult SA-20070509-0 :: Multiple vulnerabilites in Nokia Intellisync Mobile Suite & Wireless Email Express", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/468048/100/0/threaded"}, {"name": "1018454", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018454"}, {"name": "25212", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25212"}, {"name": "2689", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2689"}, {"name": "ADV-2007-2657", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2657"}, {"name": "23889", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23889"}, {"name": "nokia-multiple-scripts-xss(34187)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34187"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2592", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.sec-consult.com/289.html", "refsource": "MISC", "url": "http://www.sec-consult.com/289.html"}, {"name": "34517", "refsource": "OSVDB", "url": "http://osvdb.org/34517"}, {"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html", "refsource": "CONFIRM", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html"}, {"name": "ADV-2007-1727", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1727"}, {"name": "26199", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26199"}, {"name": "34516", "refsource": "OSVDB", "url": "http://osvdb.org/34516"}, {"name": "34515", "refsource": "OSVDB", "url": "http://osvdb.org/34515"}, {"name": "20070509 SEC Consult SA-20070509-0 :: Multiple vulnerabilites in Nokia Intellisync Mobile Suite & Wireless Email Express", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/468048/100/0/threaded"}, {"name": "1018454", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018454"}, {"name": "25212", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25212"}, {"name": "2689", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2689"}, {"name": "ADV-2007-2657", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2657"}, {"name": "23889", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23889"}, {"name": "nokia-multiple-scripts-xss(34187)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34187"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:42:33.445Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.sec-consult.com/289.html"}, {"name": "34517", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/34517"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html"}, {"name": "ADV-2007-1727", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1727"}, {"name": "26199", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26199"}, {"name": "34516", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/34516"}, {"name": "34515", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/34515"}, {"name": "20070509 SEC Consult SA-20070509-0 :: Multiple vulnerabilites in Nokia Intellisync Mobile Suite & Wireless Email Express", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/468048/100/0/threaded"}, {"name": "1018454", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018454"}, {"name": "25212", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25212"}, {"name": "2689", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2689"}, {"name": "ADV-2007-2657", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2657"}, {"name": "23889", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23889"}, {"name": "nokia-multiple-scripts-xss(34187)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34187"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2592", "datePublished": "2007-05-11T03:55:00", "dateReserved": "2007-05-10T00:00:00", "dateUpdated": "2024-08-07T13:42:33.445Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nokia:groupwise_mobile_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "49230DA2-0B09-42BF-811B-1CCF56181FBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:nokia:intellisync_mobile_suite:6.4.31.2:*:*:*:*:*:*:*", "matchCriteriaId": "A3E0EF3B-D4F6-4300-949B-F80285C43CAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.0.107:*:*:*:*:*:*:*", "matchCriteriaId": "DB300678-04E7-4F6B-AE43-8931C2FF5F40", "vulnerable": true}, {"criteria": "cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "F1795FDF-D272-476F-85FA-D57A474CA3F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:nokia:intellisync_wireless_email_express:*:*:*:*:*:*:*:*", "matchCriteriaId": "75F41ABD-B71D-48B3-B911-8F0ED1BA8A83", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades secuencias de comandos en sitios cruzados (XSS) en el Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107 y 6.6.2.2, posiblemente involucrando al Novell Groupwise Mobile Server y al Nokia Intellisync Wireless Email Express, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro (1) username en el de/pda/dev_logon.asp y (2) m\u00faltiples vectores sin especificar en el (a) usrmgr/registerAccount.asp, (b) de/create_account.asp y otros archivos."}], "id": "CVE-2007-2592", "lastModified": "2018-10-16T16:44:41.103", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-05-11T04:20:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/34515"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/34516"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/34517"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/25212"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26199"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2689"}, {"source": "cve@mitre.org", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.sec-consult.com/289.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/468048/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23889"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018454"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1727"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2657"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34187"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}