CVE-2007-3930
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
Interpretation conflict between Microsoft Internet Explorer and DokuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
Timeline
- 2007-07-20 CVE Reserved
- 2007-07-21 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-24 EPSS Updated
References (9)
URL | Tag | Source |
---|---|---|
http://bugs.splitbrain.org/index.php?do=details&task_id=1195 | X_refsource_misc | |
http://osvdb.org/38319 | Vdb Entry | |
http://secunia.com/advisories/26150 | Third Party Advisory | |
http://securityreason.com/securityalert/2908 | Third Party Advisory | |
http://wiki.splitbrain.org/wiki%3Achanges | X_refsource_confirm | |
http://www.securityfocus.com/archive/1/474144/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/24973 | Vdb Entry | |
http://www.vupen.com/english/advisories/2007/2617 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/35501 | Vdb Entry |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Microsoft | Internet Explorer | * | - | Affected |
Wiki | Dokuwiki | <= 2007-06-26 | - | Affected |