{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-09-24T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary web script or HTML via the (1) group and (2) members parameters in (a) NewGroup.jsp; the (3) edittime parameter in (b) Edit.jsp; the (4) edittime, (5) author, and (6) link parameters in (c) Comment.jsp; the (7) loginname, (8) wikiname, (9) fullname, and (10) email parameters in (d) UserPreferences.jsp and (e) Login.jsp; the (11) r1 and (12) r2 parameters in (f) Diff.jsp; and the (13) changenote parameter in (g) PageInfo.jsp."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-15T20:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"25803","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/25803"},{"name":"20070925 JSPWiki Multiple Vulnerabilities","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/480570/100/0/threaded"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.ecyrd.com/~jalkanen/JSPWiki/2.4.104/ChangeLog"},{"name":"3167","tags":["third-party-advisory","x_refsource_SREASON"],"url":"http://securityreason.com/securityalert/3167"},{"name":"jspwiki-multiple-xss(36766)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/36766"},{"name":"20070924 JSPWiki Multiple Input Validation Vulnerabilities","tags":["mailing-list","x_refsource_FULLDISC"],"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/066096.html"},{"name":"26961","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/26961"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-5120","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary web script or HTML via the (1) group and (2) members parameters in (a) NewGroup.jsp; the (3) edittime parameter in (b) Edit.jsp; the (4) edittime, (5) author, and (6) link parameters in (c) Comment.jsp; the (7) loginname, (8) wikiname, (9) fullname, and (10) email parameters in (d) UserPreferences.jsp and (e) Login.jsp; the (11) r1 and (12) r2 parameters in (f) Diff.jsp; and the (13) changenote parameter in (g) PageInfo.jsp."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"25803","refsource":"BID","url":"http://www.securityfocus.com/bid/25803"},{"name":"20070925 JSPWiki Multiple Vulnerabilities","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/480570/100/0/threaded"},{"name":"http://www.ecyrd.com/~jalkanen/JSPWiki/2.4.104/ChangeLog","refsource":"CONFIRM","url":"http://www.ecyrd.com/~jalkanen/JSPWiki/2.4.104/ChangeLog"},{"name":"3167","refsource":"SREASON","url":"http://securityreason.com/securityalert/3167"},{"name":"jspwiki-multiple-xss(36766)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/36766"},{"name":"20070924 JSPWiki Multiple Input Validation Vulnerabilities","refsource":"FULLDISC","url":"http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/066096.html"},{"name":"26961","refsource":"SECUNIA","url":"http://secunia.com/advisories/26961"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-07T15:17:28.351Z"},"title":"CVE Program Container","references":[{"name":"25803","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/25803"},{"name":"20070925 JSPWiki Multiple Vulnerabilities","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/480570/100/0/threaded"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.ecyrd.com/~jalkanen/JSPWiki/2.4.104/ChangeLog"},{"name":"3167","tags":["third-party-advisory","x_refsource_SREASON","x_transferred"],"url":"http://securityreason.com/securityalert/3167"},{"name":"jspwiki-multiple-xss(36766)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/36766"},{"name":"20070924 JSPWiki Multiple Input Validation Vulnerabilities","tags":["mailing-list","x_refsource_FULLDISC","x_transferred"],"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/066096.html"},{"name":"26961","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/26961"}]}]},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-5120","datePublished":"2007-09-27T17:00:00.000Z","dateReserved":"2007-09-27T00:00:00.000Z","dateUpdated":"2024-08-07T15:17:28.351Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}