[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-3033Date: (C)2007-08-14   (M)2023-12-22


Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zone.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1018566
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=575
BID-25287
SECUNIA-26439
ADV-2007-2872
MS07-048
TA07-226A
VU#558648
oval:org.mitre.oval:def:2152

CPE    2
cpe:/o:microsoft:windows_vista:::x64
cpe:/o:microsoft:windows_vista
CWE    1
CWE-79
OVAL    1
oval:org.mitre.oval:def:2152

© SecPod Technologies