Vulnerability Report

CVE-2007-0437

Title: Intersystems Cache Database Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS)

Proof Of Concept

No public PoC currently indexed for CVE-2007-0437.

CWE Category NVD-CWE-noinfo
Published Date Aug 20, 2007
Modified Date Apr 09, 2025
Exploit Status Not Found
Score 3.5 CVSS v2.0
Exploit Probability (EPSS)
0.23%

Vulnerability Summary

CVE-2007-0437: Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/.

Impacted Vendors

I
intersystems 1

Reference Links

http://www.cpni.gov.uk/Products/alerts/2928.aspx http://www.mwrinfosecurity.com/advisories/mwri_cache-sample-files-xss-advisory_2007-04-04.pdf http://www.mwrinfosecurity.com/news/1658.html http://www.cpni.gov.uk/Products/alerts/2928.aspx http://www.mwrinfosecurity.com/advisories/mwri_cache-sample-files-xss-advisory_2007-04-04.pdf http://www.mwrinfosecurity.com/news/1658.html
CVSS v2.0
Source Entity [email protected]
Severity LOW
3.5
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:M/Au:S/C:N/I:P/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2007-0437 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A
Complexity N/A
Privileges N/A
Interaction NONE
CVSS Vector String AV:N/AC:M/Au:S/C:N/I:P/A:N

Affected Stack

No specific products linked.