Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0183

4 documents4 sources

Severity

6.8MEDIUM

EPSS

4.5%

top 10.88%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

SUN Iplanet WEB Server

Timeline

PublishedJan 12

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDsun/iplanet_web_server4.1

Patches

Patch: secunia.com ↗Patch: www.securityfocus.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-cc45-64h4-cw85: Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4↗2022-05-01

▶

CVEList

CVE-2007-0183: Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4↗2007-01-11

▶

💥Exploits & PoCs

Exploit-DB

iPlanet Web Server 4.1 - Search Module Cross-Site Scripting↗2007-01-09

▶