ID CVE-2007-3396
Summary Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus (KF) web server 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the opsubmenu parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:key_focus:kf_web_server:3.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:key_focus:kf_web_server:3.1.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 16-10-2018 - 16:49)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 24623
bugtraq
  • 20070623 KF Web Server 3.1.0 admin console XSS
  • 20070626 Re: KF Web Server 3.1.0 admin console XSS
confirm http://www.keyfocus.net/kfws/support/index.php
osvdb 36331
secunia 25828
sreason 2840
vupen ADV-2007-2331
xf kfwebserver-index-xss(35042)
Last major update 16-10-2018 - 16:49
Published 26-06-2007 - 17:30
Last modified 16-10-2018 - 16:49
Back to Top