Vulnerability-Lookup

CVE-2007-2592 (GCVE-0-2007-2592)

Vulnerability from cvelistv5 – Published: 2007-05-11 03:55 – Updated: 2024-08-07 13:42

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.sec-consult.com/289.html	x_refsource_MISC
	http://osvdb.org/34517	vdb-entryx_refsource_OSVDB
	http://support.novell.com/docs/Readmes/InfoDocume…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2007/1727	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/26199	third-party-advisoryx_refsource_SECUNIA
	http://osvdb.org/34516	vdb-entryx_refsource_OSVDB
	http://osvdb.org/34515	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/archive/1/468048/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securitytracker.com/id?1018454	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/25212	third-party-advisoryx_refsource_SECUNIA
	http://securityreason.com/securityalert/2689	third-party-advisoryx_refsource_SREASON
	http://www.vupen.com/english/advisories/2007/2657	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/23889	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:42:33.445Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.sec-consult.com/289.html"
          },
          {
            "name": "34517",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/34517"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html"
          },
          {
            "name": "ADV-2007-1727",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1727"
          },
          {
            "name": "26199",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26199"
          },
          {
            "name": "34516",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/34516"
          },
          {
            "name": "34515",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/34515"
          },
          {
            "name": "20070509 SEC Consult SA-20070509-0 :: Multiple vulnerabilites in Nokia Intellisync Mobile Suite \u0026 Wireless Email Express",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/468048/100/0/threaded"
          },
          {
            "name": "1018454",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018454"
          },
          {
            "name": "25212",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25212"
          },
          {
            "name": "2689",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2689"
          },
          {
            "name": "ADV-2007-2657",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2657"
          },
          {
            "name": "23889",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23889"
          },
          {
            "name": "nokia-multiple-scripts-xss(34187)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34187"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-05-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.sec-consult.com/289.html"
        },
        {
          "name": "34517",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/34517"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html"
        },
        {
          "name": "ADV-2007-1727",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1727"
        },
        {
          "name": "26199",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26199"
        },
        {
          "name": "34516",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/34516"
        },
        {
          "name": "34515",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/34515"
        },
        {
          "name": "20070509 SEC Consult SA-20070509-0 :: Multiple vulnerabilites in Nokia Intellisync Mobile Suite \u0026 Wireless Email Express",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/468048/100/0/threaded"
        },
        {
          "name": "1018454",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018454"
        },
        {
          "name": "25212",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25212"
        },
        {
          "name": "2689",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2689"
        },
        {
          "name": "ADV-2007-2657",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2657"
        },
        {
          "name": "23889",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23889"
        },
        {
          "name": "nokia-multiple-scripts-xss(34187)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34187"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2592",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.sec-consult.com/289.html",
              "refsource": "MISC",
              "url": "http://www.sec-consult.com/289.html"
            },
            {
              "name": "34517",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/34517"
            },
            {
              "name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html",
              "refsource": "CONFIRM",
              "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html"
            },
            {
              "name": "ADV-2007-1727",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1727"
            },
            {
              "name": "26199",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26199"
            },
            {
              "name": "34516",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/34516"
            },
            {
              "name": "34515",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/34515"
            },
            {
              "name": "20070509 SEC Consult SA-20070509-0 :: Multiple vulnerabilites in Nokia Intellisync Mobile Suite \u0026 Wireless Email Express",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/468048/100/0/threaded"
            },
            {
              "name": "1018454",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018454"
            },
            {
              "name": "25212",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25212"
            },
            {
              "name": "2689",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2689"
            },
            {
              "name": "ADV-2007-2657",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2657"
            },
            {
              "name": "23889",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23889"
            },
            {
              "name": "nokia-multiple-scripts-xss(34187)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34187"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2592",
    "datePublished": "2007-05-11T03:55:00",
    "dateReserved": "2007-05-10T00:00:00",
    "dateUpdated": "2024-08-07T13:42:33.445Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-2592\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-05-11T04:20:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades secuencias de comandos en sitios cruzados (XSS) en el Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107 y  6.6.2.2, posiblemente involucrando al Novell Groupwise Mobile Server y al Nokia Intellisync Wireless Email Express,  permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro (1) username en el de/pda/dev_logon.asp y (2) m\u00faltiples vectores sin especificar en  el (a) usrmgr/registerAccount.asp, (b) de/create_account.asp y otros archivos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nokia:groupwise_mobile_server:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49230DA2-0B09-42BF-811B-1CCF56181FBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nokia:intellisync_mobile_suite:6.4.31.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3E0EF3B-D4F6-4300-949B-F80285C43CAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.0.107:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB300678-04E7-4F6B-AE43-8931C2FF5F40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1795FDF-D272-476F-85FA-D57A474CA3F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nokia:intellisync_wireless_email_express:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75F41ABD-B71D-48B3-B911-8F0ED1BA8A83\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/34515\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/34516\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/34517\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25212\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26199\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/2689\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.sec-consult.com/289.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/468048/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/23889\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1018454\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1727\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2657\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34187\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/34515\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/34516\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/34517\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25212\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26199\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/2689\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.sec-consult.com/289.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/468048/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/23889\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1018454\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1727\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2657\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34187\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2007-2592

Vulnerability from fkie_nvd - Published: 2007-05-11 04:20 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/34515
cve@mitre.org	http://osvdb.org/34516
cve@mitre.org	http://osvdb.org/34517
cve@mitre.org	http://secunia.com/advisories/25212	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/26199
cve@mitre.org	http://securityreason.com/securityalert/2689
cve@mitre.org	http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html
cve@mitre.org	http://www.sec-consult.com/289.html	Exploit, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/468048/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/23889
cve@mitre.org	http://www.securitytracker.com/id?1018454
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1727
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2657
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/34187
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/34515
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/34516
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/34517
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25212	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26199
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/2689
af854a3a-2127-422b-91ae-364da2661108	http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html
af854a3a-2127-422b-91ae-364da2661108	http://www.sec-consult.com/289.html	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/468048/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/23889
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018454
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1727
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2657
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/34187

Impacted products

Vendor	Product	Version
nokia	groupwise_mobile_server	*
nokia	intellisync_mobile_suite	6.4.31.2
nokia	intellisync_mobile_suite	6.6.0.107
nokia	intellisync_mobile_suite	6.6.2.2
nokia	intellisync_wireless_email_express	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nokia:groupwise_mobile_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "49230DA2-0B09-42BF-811B-1CCF56181FBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nokia:intellisync_mobile_suite:6.4.31.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E0EF3B-D4F6-4300-949B-F80285C43CAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.0.107:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB300678-04E7-4F6B-AE43-8931C2FF5F40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1795FDF-D272-476F-85FA-D57A474CA3F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nokia:intellisync_wireless_email_express:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "75F41ABD-B71D-48B3-B911-8F0ED1BA8A83",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades secuencias de comandos en sitios cruzados (XSS) en el Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107 y  6.6.2.2, posiblemente involucrando al Novell Groupwise Mobile Server y al Nokia Intellisync Wireless Email Express,  permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro (1) username en el de/pda/dev_logon.asp y (2) m\u00faltiples vectores sin especificar en  el (a) usrmgr/registerAccount.asp, (b) de/create_account.asp y otros archivos."
    }
  ],
  "id": "CVE-2007-2592",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-05-11T04:20:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/34515"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/34516"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/34517"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25212"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26199"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2689"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.sec-consult.com/289.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/468048/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/23889"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018454"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1727"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2657"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/34515"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/34516"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/34517"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2689"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.sec-consult.com/289.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/468048/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/23889"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1727"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2657"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34187"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-V72C-Q9W5-GCVR

Vulnerability from github – Published: 2022-05-01 18:05 – Updated: 2022-05-01 18:05

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-2592"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-05-11T04:20:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files.",
  "id": "GHSA-v72c-q9w5-gcvr",
  "modified": "2022-05-01T18:05:10Z",
  "published": "2022-05-01T18:05:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2592"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34187"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/34515"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/34516"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/34517"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25212"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26199"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/2689"
    },
    {
      "type": "WEB",
      "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html"
    },
    {
      "type": "WEB",
      "url": "http://www.sec-consult.com/289.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/468048/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/23889"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018454"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1727"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2657"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2007-AVI-334

Vulnerability from certfr_avis - Published: 2007-07-26 - Updated: 2007-07-26

None

Description

Une vulnérabilité a été identifiée dans certains produits Cisco, elle permet à une personne malintentionnée d'effectuer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Cisco	N/A	Cisco Unified Presence versions antérieures à 6.0(1).
	Cisco	N/A	Cisco Unified Call Manager 5.x et 6.x ;

References

Title

Publication Time

GSD-2007-2592

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-2592

Aliases

CVE-2007-2592

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-2592",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files.",
    "id": "GSD-2007-2592"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-2592"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files.",
      "id": "GSD-2007-2592",
      "modified": "2023-12-13T01:21:37.893821Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-2592",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.sec-consult.com/289.html",
            "refsource": "MISC",
            "url": "http://www.sec-consult.com/289.html"
          },
          {
            "name": "34517",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/34517"
          },
          {
            "name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html",
            "refsource": "CONFIRM",
            "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html"
          },
          {
            "name": "ADV-2007-1727",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/1727"
          },
          {
            "name": "26199",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26199"
          },
          {
            "name": "34516",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/34516"
          },
          {
            "name": "34515",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/34515"
          },
          {
            "name": "20070509 SEC Consult SA-20070509-0 :: Multiple vulnerabilites in Nokia Intellisync Mobile Suite \u0026 Wireless Email Express",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/468048/100/0/threaded"
          },
          {
            "name": "1018454",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018454"
          },
          {
            "name": "25212",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25212"
          },
          {
            "name": "2689",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/2689"
          },
          {
            "name": "ADV-2007-2657",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2657"
          },
          {
            "name": "23889",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/23889"
          },
          {
            "name": "nokia-multiple-scripts-xss(34187)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34187"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nokia:intellisync_wireless_email_express:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nokia:groupwise_mobile_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nokia:intellisync_mobile_suite:6.4.31.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.0.107:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2592"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.sec-consult.com/289.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "http://www.sec-consult.com/289.html"
            },
            {
              "name": "25212",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/25212"
            },
            {
              "name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html"
            },
            {
              "name": "23889",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/23889"
            },
            {
              "name": "1018454",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018454"
            },
            {
              "name": "26199",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/26199"
            },
            {
              "name": "2689",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/2689"
            },
            {
              "name": "ADV-2007-2657",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2657"
            },
            {
              "name": "ADV-2007-1727",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/1727"
            },
            {
              "name": "34515",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/34515"
            },
            {
              "name": "34516",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/34516"
            },
            {
              "name": "34517",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/34517"
            },
            {
              "name": "nokia-multiple-scripts-xss(34187)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34187"
            },
            {
              "name": "20070509 SEC Consult SA-20070509-0 :: Multiple vulnerabilites in Nokia Intellisync Mobile Suite \u0026 Wireless Email Express",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/468048/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-16T16:44Z",
      "publishedDate": "2007-05-11T04:20Z"
    }
  }
}

VAR-200705-0289

Vulnerability from variot - Updated: 2025-04-10 19:59

Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files. (1) de/pda/dev_logon.asp To username Parameters (2) usrmgr/registerAccount.asp , de/create_account.asp Etc. Routes in unspecified files . Reports indicate that these issues reside only in the bundled package; Nokia Intellisync Mobile Suite may not be affected on its own. Successful attacks may allow an attacker to obtain sensitive information and carry out denial-of-service and cross-site scripting attacks.

Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.

Join the FREE BETA test of the Network Software Inspector (NSI)! http://secunia.com/network_software_inspector/

The NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications.

TITLE: Nokia Intellisync Mobile Suite Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA25212

VERIFY ADVISORY: http://secunia.com/advisories/25212/

CRITICAL: Moderately critical

IMPACT: Cross Site Scripting, Exposure of system information, Exposure of sensitive information, DoS

WHERE:

From remote

SOFTWARE: Intellisync Mobile Suite http://secunia.com/product/3450/

DESCRIPTION: Johannes Greil has reported some vulnerabilities in Nokia's Intellisync Mobile Suite, which can be exploited by malicious people to gain knowledge of sensitive information, conduct cross-site scripting attacks, manipulate certain data, or cause a DoS (Denial of Service).

1) Missing authentication checks within certain ASP scripts (e.g. userList.asp, userStatusList.asp) can be exploited to modify or gain knowledge of certain user details, or to disable user accounts.

2) Certain input passed to de/pda/dev_logon.asp, usrmgr/registerAccount.asp, and de/create_account.asp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

3) An error within the bundled Apache Tomcat server can be exploited to disclose directory listings and script source codes.

The vulnerabilities are reported in versions 6.4.31.2, 6.6.0.107, and 6.6.2.2 and is reported to partially affect Nokia Intellisync Wireless Email Express. Other versions may also be affected.

SOLUTION: Upgrade to GMS 2.

PROVIDED AND/OR DISCOVERED BY: Johannes Greil, SEC Consult

ORIGINAL ADVISORY: http://www.sec-consult.com/289.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200705-0289",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "intellisync mobile suite",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "nokia",
        "version": "6.4.31.2"
      },
      {
        "model": "intellisync mobile suite",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "nokia",
        "version": "6.6.0.107"
      },
      {
        "model": "intellisync mobile suite",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nokia",
        "version": "6.6.2.2"
      },
      {
        "model": "groupwise mobile server",
        "scope": null,
        "trust": 1.4,
        "vendor": "nokia",
        "version": null
      },
      {
        "model": "intellisync wireless email express",
        "scope": null,
        "trust": 1.4,
        "vendor": "nokia",
        "version": null
      },
      {
        "model": "groupwise mobile server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "nokia",
        "version": "*"
      },
      {
        "model": "intellisync wireless email express",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "nokia",
        "version": "*"
      },
      {
        "model": "intellisync mobile suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nokia",
        "version": "and  6.6.2.2"
      },
      {
        "model": "groupwise mobile server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "1.0"
      },
      {
        "model": "groupwise mobile server hp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "novell",
        "version": "1.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "23889"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003826"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-224"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2592"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:nokia:groupwise_mobile_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nokia:intellisync_mobile_suite",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nokia:intellisync_wireless_email_express",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003826"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Johannes Greil discovered these issues.",
    "sources": [
      {
        "db": "BID",
        "id": "23889"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-224"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2007-2592",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2007-2592",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-25954",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-2592",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-2592",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200705-224",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-25954",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25954"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003826"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-224"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2592"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files. (1) de/pda/dev_logon.asp To username Parameters (2) usrmgr/registerAccount.asp , de/create_account.asp Etc. Routes in unspecified files . Reports indicate that these issues reside only in the bundled package; Nokia Intellisync Mobile Suite may not be affected on its own. \nSuccessful attacks may allow an attacker to obtain sensitive information and carry out denial-of-service and cross-site scripting attacks. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nJoin the FREE BETA test of the Network Software Inspector (NSI)!\nhttp://secunia.com/network_software_inspector/\n\nThe NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. \n\n----------------------------------------------------------------------\n\nTITLE:\nNokia Intellisync Mobile Suite Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA25212\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/25212/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nCross Site Scripting, Exposure of system information, Exposure of\nsensitive information, DoS\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nIntellisync Mobile Suite\nhttp://secunia.com/product/3450/\n\nDESCRIPTION:\nJohannes Greil has reported some vulnerabilities in Nokia\u0027s\nIntellisync Mobile Suite, which can be exploited by malicious people\nto gain knowledge of sensitive information, conduct cross-site\nscripting attacks, manipulate certain data, or cause a DoS (Denial of\nService). \n\n1) Missing authentication checks within certain ASP scripts (e.g. \nuserList.asp, userStatusList.asp) can be exploited to modify or gain\nknowledge of certain user details, or to disable user accounts. \n\n2) Certain input passed to de/pda/dev_logon.asp,\nusrmgr/registerAccount.asp, and de/create_account.asp is not properly\nsanitised before being returned to the user. This can be exploited to\nexecute arbitrary HTML and script code in a user\u0027s browser session in\ncontext of an affected site. \n\n3) An error within the bundled Apache Tomcat server can be exploited\nto disclose directory listings and script source codes. \n\nThe vulnerabilities are reported in versions 6.4.31.2, 6.6.0.107, and\n6.6.2.2 and is reported to partially affect Nokia Intellisync Wireless\nEmail Express. Other versions may also be affected. \n\nSOLUTION:\nUpgrade to GMS 2. \n\nPROVIDED AND/OR DISCOVERED BY:\nJohannes Greil, SEC Consult\n\nORIGINAL ADVISORY:\nhttp://www.sec-consult.com/289.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2592"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003826"
      },
      {
        "db": "BID",
        "id": "23889"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25954"
      },
      {
        "db": "PACKETSTORM",
        "id": "56572"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-2592",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "23889",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "25212",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "26199",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1018454",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2657",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1727",
        "trust": 1.7
      },
      {
        "db": "SREASON",
        "id": "2689",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "34517",
        "trust": 1.1
      },
      {
        "db": "OSVDB",
        "id": "34516",
        "trust": 1.1
      },
      {
        "db": "OSVDB",
        "id": "34515",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003826",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "34187",
        "trust": 0.6
      },
      {
        "db": "MISC",
        "id": "HTTP://WWW.SEC-CONSULT.COM/289.HTML",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20070509 SEC CONSULT SA-20070509-0 :: MULTIPLE VULNERABILITES IN NOKIA INTELLISYNC MOBILE SUITE \u0026 WIRELESS EMAIL EXPRESS",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-224",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-25954",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "56572",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25954"
      },
      {
        "db": "BID",
        "id": "23889"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003826"
      },
      {
        "db": "PACKETSTORM",
        "id": "56572"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-224"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2592"
      }
    ]
  },
  "id": "VAR-200705-0289",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25954"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-10T19:59:54.555000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top page",
        "trust": 0.8,
        "url": "http://www.nokia.com/global/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003826"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2592"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://support.novell.com/docs/readmes/infodocument/patchbuilder/readme_5005120.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.sec-consult.com/289.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/23889"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1018454"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/25212"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/26199"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/2689"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/468048/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/34515"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/34516"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/34517"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/1727"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/2657"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34187"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2592"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2592"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/1727"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/468048/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/34187"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/2657"
      },
      {
        "trust": 0.3,
        "url": "http://www.novell.com/products/groupwise/mobileserver/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/468048"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/network_software_inspector/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/25212/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3450/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25954"
      },
      {
        "db": "BID",
        "id": "23889"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003826"
      },
      {
        "db": "PACKETSTORM",
        "id": "56572"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-224"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2592"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-25954"
      },
      {
        "db": "BID",
        "id": "23889"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003826"
      },
      {
        "db": "PACKETSTORM",
        "id": "56572"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-224"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2592"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-05-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25954"
      },
      {
        "date": "2007-05-09T00:00:00",
        "db": "BID",
        "id": "23889"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-003826"
      },
      {
        "date": "2007-05-10T00:32:46",
        "db": "PACKETSTORM",
        "id": "56572"
      },
      {
        "date": "2007-05-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200705-224"
      },
      {
        "date": "2007-05-11T04:20:00",
        "db": "NVD",
        "id": "CVE-2007-2592"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25954"
      },
      {
        "date": "2007-07-26T23:05:00",
        "db": "BID",
        "id": "23889"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-003826"
      },
      {
        "date": "2007-05-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200705-224"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2007-2592"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-224"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nokia Intellisync Mobile Suite Cross-site scripting vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003826"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "56572"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-224"
      }
    ],
    "trust": 0.7
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-2592 (GCVE-0-2007-2592)

FKIE_CVE-2007-2592

GHSA-V72C-Q9W5-GCVR

CERTA-2007-AVI-334

Description

Solution

GSD-2007-2592

VAR-200705-0289

Tags

Sightings

Nomenclature