CVE-2007-6421Cross-site Scripting in Apache Http Server

CWE-79Cross-site Scripting9 documents8 sources
Severity
3.5LOWNVD
EPSS
3.2%
top 12.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Http Server
Timeline
PublishedJan 8
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

NVDapache/http_server6 versions+5

🔴Vulnerability Details

3
GHSA
GHSA-g65v-mwjw-wg6c: Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 22022-05-01
OSV
CVE-2007-6421: Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 22008-01-08
CVEList
CVE-2007-6421: Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 22008-01-08

💥Exploits & PoCs

2
Exploit-DB
Microsoft SharePoint Server 2007 - Cross-Site Scripting2010-04-29
Exploit-DB
Social Site Generator 2.0 - 'path' Remote File Inclusion2008-05-31

📋Vendor Advisories

3
Ubuntu
Apache vulnerabilities2008-02-04
Red Hat
httpd mod_proxy_balancer cross-site scripting2008-01-02
Debian
CVE-2007-6421: apache2 - Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balanc...2007
CVE-2007-6421 — Cross-site Scripting in Apache | cvebase