CVE-2007-6001

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Bandersnatch 0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) func or (2) date parameter, or the jid parameter in a (3) log or (4) user action, a different vulnerability than CVE-2007-3910.

Published: Nov 15, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-6001
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
bandersnatch / bandersnatch	0.4	0.4.x

http://www.portcullis-security.com/180.php
http://www.securityfocus.com/bid/26553
https://exchange.xforce.ibmcloud.com/vulnerabilities/38360

Vulnerability Database

CVE-2007-6001