CVE-2007-1991
Published: 2007-04-12
Priority: P414 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.02% (59.1th percentile)
Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| youngzsoft | cmailserver | <= 5.4.3 | — |
CVSS provenance
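| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_redhat | — | 6.4 | MEDIUM | — |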
GHSA
GHSA-q866-9m3h-92xr: Cross-site scripting (XSS) vulnerability in mail/signup
ghsa_unreviewed · 2022-05-01 · CVSS 4.3
CVE-2007-1991 [MEDIUM] GHSA-q866-9m3h-92xr: Cross-site scripting (XSS) vulnerability in mail/signup
Red Hat
CVE-2007-1375: Integer overflow in the substr_compare function in PHP 5
vendor_redhat · CVSS 6.4
CVE-2007-1375 [MEDIUM] CVE-2007-1375: Integer overflow in the substr_compare function in PHP 5
Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991.
Statement: We do not consider this flaw to be a security issue as it is only exploitable by the script author. No trust boundary is crossed.
This flaw exists in versions of PHP as shipped in Red Hat Enterprise Linux 5 and Red Hat Application Stack 1.
This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, Stronghold 4.0, or Red Hat Application Stack 2.
No detection rules found.
No writeups or analysis indexed.
2007-04-12
Published