CVE-2007-0146 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2) Announcement form field in (b) staff.php; the (3) Client Name, (4) Business Name, (5) Street, (6) Address 2, (7) Town/City, (8) Postcode, (9) Phone Number, (10) Email Address and (11) Website Address form fields in (c) new_customer.php; and unspecified fields in (d) search.php and (e) client-results.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fix And Chips Computer Services	Fix And Chips Cms

Configuration 1 [-]

cpe:2.3:a:fix_and_chips_computer_services:fix_and_chips_cms:1.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/23625
http://securityreason.com/securityalert/2119
http://www.osvdb.org/32646
http://www.osvdb.org/32647
http://www.osvdb.org/32648
http://www.osvdb.org/32649
http://www.osvdb.org/32650
http://www.securityfocus.com/archive/1/456121/100/0/threaded
http://www.vupen.com/english/advisories/2007/0081
https://exchange.xforce.ibmcloud.com/vulnerabilities/31319

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-09T18:00:00

Updated: 2024-08-07T12:03:37.221Z

Reserved: 2007-01-09T00:00:00

Link: CVE-2007-0146

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-01-09T18:28:00.000

Modified: 2024-11-21T00:25:06.037

Link: CVE-2007-0146

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-06T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2) Announcement form field in (b) staff.php; the (3) Client Name, (4) Business Name, (5) Street, (6) Address 2, (7) Town/City, (8) Postcode, (9) Phone Number, (10) Email Address and (11) Website Address form fields in (c) new_customer.php; and unspecified fields in (d) search.php and (e) client-results.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "32649", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/32649"}, {"name": "32647", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/32647"}, {"name": "32648", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/32648"}, {"name": "23625", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23625"}, {"name": "2119", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2119"}, {"name": "32646", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/32646"}, {"name": "ADV-2007-0081", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0081"}, {"name": "20070106 Fix & Chips CMS v1.0", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/456121/100/0/threaded"}, {"name": "32650", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/32650"}, {"name": "fixandchips-multiple-scripts-xss(31319)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31319"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0146", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2) Announcement form field in (b) staff.php; the (3) Client Name, (4) Business Name, (5) Street, (6) Address 2, (7) Town/City, (8) Postcode, (9) Phone Number, (10) Email Address and (11) Website Address form fields in (c) new_customer.php; and unspecified fields in (d) search.php and (e) client-results.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "32649", "refsource": "OSVDB", "url": "http://www.osvdb.org/32649"}, {"name": "32647", "refsource": "OSVDB", "url": "http://www.osvdb.org/32647"}, {"name": "32648", "refsource": "OSVDB", "url": "http://www.osvdb.org/32648"}, {"name": "23625", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23625"}, {"name": "2119", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2119"}, {"name": "32646", "refsource": "OSVDB", "url": "http://www.osvdb.org/32646"}, {"name": "ADV-2007-0081", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0081"}, {"name": "20070106 Fix & Chips CMS v1.0", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/456121/100/0/threaded"}, {"name": "32650", "refsource": "OSVDB", "url": "http://www.osvdb.org/32650"}, {"name": "fixandchips-multiple-scripts-xss(31319)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31319"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:03:37.221Z"}, "title": "CVE Program Container", "references": [{"name": "32649", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/32649"}, {"name": "32647", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/32647"}, {"name": "32648", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/32648"}, {"name": "23625", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23625"}, {"name": "2119", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2119"}, {"name": "32646", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/32646"}, {"name": "ADV-2007-0081", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0081"}, {"name": "20070106 Fix & Chips CMS v1.0", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/456121/100/0/threaded"}, {"name": "32650", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/32650"}, {"name": "fixandchips-multiple-scripts-xss(31319)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31319"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0146", "datePublished": "2007-01-09T18:00:00", "dateReserved": "2007-01-09T00:00:00", "dateUpdated": "2024-08-07T12:03:37.221Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fix_and_chips_computer_services:fix_and_chips_cms:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "652B283B-604D-4643-B754-3EB51E4E1A0D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2) Announcement form field in (b) staff.php; the (3) Client Name, (4) Business Name, (5) Street, (6) Address 2, (7) Town/City, (8) Postcode, (9) Phone Number, (10) Email Address and (11) Website Address form fields in (c) new_customer.php; and unspecified fields in (d) search.php and (e) client-results.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Fix and Chips CMS1.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) id en (a) delete-announce.php; (2) el campo de formulario Announcement de (b) staff.php; los campos de formulario (3) Client Name, (4) Business Name, (5) Street, (6) Address 2, (7) Town/City, (8) Postcode, (9) Phone Number, (10) Email Address y (11) Website Address en (c) new_customer.php;y campos no especificados en (d) search.php y (e) client-results.php."}], "id": "CVE-2007-0146", "lastModified": "2024-11-21T00:25:06.037", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-01-09T18:28:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23625"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2119"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/32646"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/32647"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/32648"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/32649"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/32650"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/456121/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0081"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31319"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23625"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2119"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/32646"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/32647"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/32648"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/32649"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/32650"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/456121/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0081"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31319"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}