Vulnerability Name:

CVE-2007-6295 (CCN-38891)

Assigned:2007-12-05
Published:2007-12-05
Updated:2017-08-08
Summary:Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page in the online meeting center template in IBM Lotus Sametime before 8.0 allows remote attackers to inject arbitrary web script or HTML via the URI.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2007-6295

Source: OSVDB
Type: UNKNOWN
39258

Source: CCN
Type: SA27941
IBM Lotus Sametime Meeting WebRunMenuFrame Page Cross-Site Scripting

Source: SECUNIA
Type: Vendor Advisory
27941

Source: CCN
Type: SECTRACK ID: 1019053
IBM Lotus Sametime Input Validation Hole in WebRunMenuFrame Page Permits Cross-Site Scripting Attacks

Source: CCN
Type: IBM SPR #IHAS77TRYF
SPR #IHAS77TRYF (WebRunMenuFrame Page xss)

Source: CONFIRM
Type: UNKNOWN
http://www-1.ibm.com/support/docview.wss?uid=sim5079c9d76e4fcf910852573a800495249

Source: CCN
Type: OSVDB ID: 39258
IBM Lotus Sametime WebRunMenuFrame Page URI XSS

Source: BID
Type: UNKNOWN
26734

Source: CCN
Type: BID-26734
IBM Lotus Sametime Server WebRunMenuFrame Cross-Site Scripting Vulnerability

Source: SECTRACK
Type: UNKNOWN
1019053

Source: VUPEN
Type: UNKNOWN
ADV-2007-4104

Source: XF
Type: UNKNOWN
sametime-webrunmenuframe-xss(38891)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:lotus_sametime:*:*:*:*:*:*:*:* (Version <= 8.0)

Configuration CCN 1:
  • cpe:/a:ibm:lotus_sametime:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_sametime:7.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_sametime:7.5:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    ibm lotus sametime *
    ibm lotus sametime 7.0
    ibm lotus sametime 7.5.1
    ibm lotus sametime 7.5