CVE-2007-5480

Multiple cross-site scripting (XSS) vulnerabilities in InnovaAge InnovaShop allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to msg.jsp, and the (2) contentid parameter to tc/contents/home001.jsp.

Published: Oct 17, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-5480
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
innovaage / innovashop	-	-

http://marc.info/?l=bugtraq&m=119248056804520&w=2
http://osvdb.org/37927
http://osvdb.org/37928
http://secunia.com/advisories/27225
http://www.securityfocus.com/bid/26084
https://exchange.xforce.ibmcloud.com/vulnerabilities/37273

Vulnerability Database

CVE-2007-5480