CVE-2007-5403 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox 3.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Forename, (2) Surname, (3) Telephone, and (4) Fax fields to writeenduserenduser.asp; the (5) Filter field to statsrequestypereport.asp; and the (6) sys_request_id parameter to requestattach.asp; and allow remote authenticated users to inject arbitrary web script or HTML via the (7) Asset, (8) Location, and (9) Problem fields to editrequestenduser.asp; the (10) Asset, (11) Asset Location, (12) Problem Desc, and (13) Solution Desc fields to editrequestuser.asp; and the (14) End User and (15) Description fields to usersearchrequests.asp. NOTE: vectors 5 and 6 do not require authentication to exploit.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Layton Technology	Helpbox

Configuration 1 [-]

cpe:2.3:a:layton_technology:helpbox:3.7.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/27699
http://secunia.com/secunia_research/2007-94/advisory/
http://www.securityfocus.com/bid/27187
https://exchange.xforce.ibmcloud.com/vulnerabilities/39537
https://exchange.xforce.ibmcloud.com/vulnerabilities/39540
https://exchange.xforce.ibmcloud.com/vulnerabilities/39541
https://exchange.xforce.ibmcloud.com/vulnerabilities/39542
https://exchange.xforce.ibmcloud.com/vulnerabilities/39543

History

No history.

MITRE

Status: PUBLISHED

Assigner: flexera

Published: 2008-01-09T21:00:00

Updated: 2024-08-07T15:31:57.868Z

Reserved: 2007-10-12T00:00:00

Link: CVE-2007-5403

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-01-09T21:46:00.000

Modified: 2017-07-29T01:33:39.723

Link: CVE-2007-5403

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-01-08T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox 3.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Forename, (2) Surname, (3) Telephone, and (4) Fax fields to writeenduserenduser.asp; the (5) Filter field to statsrequestypereport.asp; and the (6) sys_request_id parameter to requestattach.asp; and allow remote authenticated users to inject arbitrary web script or HTML via the (7) Asset, (8) Location, and (9) Problem fields to editrequestenduser.asp; the (10) Asset, (11) Asset Location, (12) Problem Desc, and (13) Solution Desc fields to editrequestuser.asp; and the (14) End User and (15) Description fields to usersearchrequests.asp. NOTE: vectors 5 and 6 do not require authentication to exploit."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera"}, "references": [{"name": "helpbox-usersearchrequests-xss(39543)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39543"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2007-94/advisory/"}, {"name": "helpbox-editrequestenduser-xss(39540)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39540"}, {"name": "27187", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27187"}, {"name": "helpbox-requestattach-xss(39537)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39537"}, {"name": "27699", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27699"}, {"name": "helpbox-statsrequestypereport-xss(39542)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39542"}, {"name": "helpbox-writeenduserenduser-xss(39541)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39541"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2007-5403", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox 3.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Forename, (2) Surname, (3) Telephone, and (4) Fax fields to writeenduserenduser.asp; the (5) Filter field to statsrequestypereport.asp; and the (6) sys_request_id parameter to requestattach.asp; and allow remote authenticated users to inject arbitrary web script or HTML via the (7) Asset, (8) Location, and (9) Problem fields to editrequestenduser.asp; the (10) Asset, (11) Asset Location, (12) Problem Desc, and (13) Solution Desc fields to editrequestuser.asp; and the (14) End User and (15) Description fields to usersearchrequests.asp. NOTE: vectors 5 and 6 do not require authentication to exploit."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "helpbox-usersearchrequests-xss(39543)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39543"}, {"name": "http://secunia.com/secunia_research/2007-94/advisory/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2007-94/advisory/"}, {"name": "helpbox-editrequestenduser-xss(39540)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39540"}, {"name": "27187", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27187"}, {"name": "helpbox-requestattach-xss(39537)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39537"}, {"name": "27699", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27699"}, {"name": "helpbox-statsrequestypereport-xss(39542)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39542"}, {"name": "helpbox-writeenduserenduser-xss(39541)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39541"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:31:57.868Z"}, "title": "CVE Program Container", "references": [{"name": "helpbox-usersearchrequests-xss(39543)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39543"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2007-94/advisory/"}, {"name": "helpbox-editrequestenduser-xss(39540)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39540"}, {"name": "27187", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27187"}, {"name": "helpbox-requestattach-xss(39537)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39537"}, {"name": "27699", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27699"}, {"name": "helpbox-statsrequestypereport-xss(39542)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39542"}, {"name": "helpbox-writeenduserenduser-xss(39541)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39541"}]}]}, "cveMetadata": {"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2007-5403", "datePublished": "2008-01-09T21:00:00", "dateReserved": "2007-10-12T00:00:00", "dateUpdated": "2024-08-07T15:31:57.868Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:layton_technology:helpbox:3.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "C49D31B3-8A03-40BF-91A9-708D62FCD0D8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox 3.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Forename, (2) Surname, (3) Telephone, and (4) Fax fields to writeenduserenduser.asp; the (5) Filter field to statsrequestypereport.asp; and the (6) sys_request_id parameter to requestattach.asp; and allow remote authenticated users to inject arbitrary web script or HTML via the (7) Asset, (8) Location, and (9) Problem fields to editrequestenduser.asp; the (10) Asset, (11) Asset Location, (12) Problem Desc, and (13) Solution Desc fields to editrequestuser.asp; and the (14) End User and (15) Description fields to usersearchrequests.asp. NOTE: vectors 5 and 6 do not require authentication to exploit."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Layton HelpBox 3.7.1 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a trav\u00e9s de los campos (1) Forename, (2) Surname, (3) Telephone, y (4) Fax de writeenduserenduser.asp; el campo (5) Filter de statsrequestypereport.asp; y el par\u00e1metro (6) sys_request_id de requestattach.asp;y permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de los campos (7) Asset, (8) Location, y (9) Problem de editrequestenduser.asp;los campos (10) Asset, (11) Asset Location, (12) Problem Desc, y (13) Solution Desc de editrequestuser.asp; y los campos (14) End User y (15) Description de usersearchrequests.asp. NOTA: los vectores 5 y 6 no requieren autenticaci\u00f3n para ser explotados."}], "id": "CVE-2007-5403", "lastModified": "2017-07-29T01:33:39.723", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-01-09T21:46:00.000", "references": [{"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27699"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2007-94/advisory/"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/27187"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39537"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39540"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39541"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39542"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39543"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}