Search criteria
5 vulnerabilities by atom
CVE-2018-1000006 (GCVE-0-2018-1000006)
Vulnerability from cvelistv5 – Published: 2018-01-24 23:00 – Updated: 2024-08-05 12:33
VLAI
Summary
GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/43899/ | exploitx_refsource_EXPLOIT-DB |
| https://github.com/electron/electron/releases/tag… | x_refsource_CONFIRM |
| https://medium.com/%40Wflki/exploiting-electron-r… | x_refsource_MISC |
| https://electronjs.org/blog/protocol-handler-fix | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/102796 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/44357/ | exploitx_refsource_EXPLOIT-DB |
Date Public
2018-01-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:33:49.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43899",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43899/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/releases/tag/v1.8.2-beta.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40Wflki/exploiting-electron-rce-in-exodus-wallet-d9e6db13c374"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://electronjs.org/blog/protocol-handler-fix"
},
{
"name": "102796",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102796"
},
{
"name": "44357",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44357/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-01-19T00:00:00.000Z",
"datePublic": "2018-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-31T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43899",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43899/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/releases/tag/v1.8.2-beta.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40Wflki/exploiting-electron-rce-in-exodus-wallet-d9e6db13c374"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://electronjs.org/blog/protocol-handler-fix"
},
{
"name": "102796",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102796"
},
{
"name": "44357",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44357/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-01-19",
"ID": "CVE-2018-1000006",
"REQUESTER": "phillmv@github.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43899",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43899/"
},
{
"name": "https://github.com/electron/electron/releases/tag/v1.8.2-beta.4",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/releases/tag/v1.8.2-beta.4"
},
{
"name": "https://medium.com/@Wflki/exploiting-electron-rce-in-exodus-wallet-d9e6db13c374",
"refsource": "MISC",
"url": "https://medium.com/@Wflki/exploiting-electron-rce-in-exodus-wallet-d9e6db13c374"
},
{
"name": "https://electronjs.org/blog/protocol-handler-fix",
"refsource": "CONFIRM",
"url": "https://electronjs.org/blog/protocol-handler-fix"
},
{
"name": "102796",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102796"
},
{
"name": "44357",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44357/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000006",
"datePublished": "2018-01-24T23:00:00.000Z",
"dateReserved": "2018-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:33:49.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000424 (GCVE-0-2017-1000424)
Vulnerability from cvelistv5 – Published: 2018-01-02 20:00 – Updated: 2024-09-16 20:27
VLAI
Summary
Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/electron/electron/pull/10008 | x_refsource_CONFIRM |
| https://github.com/electron/electron/pull/10008/files | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:41.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/pull/10008"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/pull/10008/files"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-12-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-02T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/pull/10008"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/pull/10008/files"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-12-29",
"ID": "CVE-2017-1000424",
"REQUESTER": "qazbnm456@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/electron/electron/pull/10008",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/pull/10008"
},
{
"name": "https://github.com/electron/electron/pull/10008/files",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/pull/10008/files"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000424",
"datePublished": "2018-01-02T20:00:00.000Z",
"dateReserved": "2018-01-02T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:27:54.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1202 (GCVE-0-2016-1202)
Vulnerability from cvelistv5 – Published: 2016-04-25 18:00 – Updated: 2024-08-05 22:48
VLAI
Summary
Untrusted search path vulnerability in Atom Electron before 0.33.5 allows local users to gain privileges via a Trojan horse Node.js module in a parent directory of a directory named on a require line.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/electron/electron/commit/9a2e2… | x_refsource_CONFIRM |
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000054 | third-party-advisoryx_refsource_JVNDB |
| https://github.com/electron/electron/pull/2976 | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN00324715/index.html | third-party-advisoryx_refsource_JVN |
Date Public
2016-04-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/commit/9a2e2b365d061ec10cd861391fd5b1344af7194d"
},
{
"name": "JVNDB-2016-000054",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000054"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/pull/2976"
},
{
"name": "JVN#00324715",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN00324715/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Atom Electron before 0.33.5 allows local users to gain privileges via a Trojan horse Node.js module in a parent directory of a directory named on a require line."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-25T17:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/commit/9a2e2b365d061ec10cd861391fd5b1344af7194d"
},
{
"name": "JVNDB-2016-000054",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000054"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/pull/2976"
},
{
"name": "JVN#00324715",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN00324715/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Atom Electron before 0.33.5 allows local users to gain privileges via a Trojan horse Node.js module in a parent directory of a directory named on a require line."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/electron/electron/commit/9a2e2b365d061ec10cd861391fd5b1344af7194d",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/commit/9a2e2b365d061ec10cd861391fd5b1344af7194d"
},
{
"name": "JVNDB-2016-000054",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000054"
},
{
"name": "https://github.com/electron/electron/pull/2976",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/pull/2976"
},
{
"name": "JVN#00324715",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN00324715/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1202",
"datePublished": "2016-04-25T18:00:00.000Z",
"dateReserved": "2015-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:48:13.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3135 (GCVE-0-2007-3135)
Vulnerability from cvelistv5 – Published: 2007-06-08 16:00 – Updated: 2024-08-07 14:05
VLAI
Summary
Cross-site scripting (XSS) vulnerability in atomPhotoBlog.php in Atom Photoblog 1.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the tag parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/24363 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/2787 | third-party-advisoryx_refsource_SREASON |
| http://sourceforge.net/project/shownotes.php?grou… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/470750/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/25562 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/37046 | vdb-entryx_refsource_OSVDB |
| http://www.secvsn.com/content/Advisories/sr-06060… | x_refsource_MISC |
Date Public
2007-06-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24363",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24363"
},
{
"name": "atom-photoblog-tag-xss(34768)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34768"
},
{
"name": "2787",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2787"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=186464\u0026release_id=514101"
},
{
"name": "20070607 Atom PhotoBlog v1.0.9 XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470750/100/0/threaded"
},
{
"name": "25562",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25562"
},
{
"name": "37046",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37046"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.secvsn.com/content/Advisories/sr-060607-atomphotoblog.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in atomPhotoBlog.php in Atom Photoblog 1.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the tag parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24363",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24363"
},
{
"name": "atom-photoblog-tag-xss(34768)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34768"
},
{
"name": "2787",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2787"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=186464\u0026release_id=514101"
},
{
"name": "20070607 Atom PhotoBlog v1.0.9 XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470750/100/0/threaded"
},
{
"name": "25562",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25562"
},
{
"name": "37046",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37046"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.secvsn.com/content/Advisories/sr-060607-atomphotoblog.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in atomPhotoBlog.php in Atom Photoblog 1.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the tag parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24363",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24363"
},
{
"name": "atom-photoblog-tag-xss(34768)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34768"
},
{
"name": "2787",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2787"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=186464\u0026release_id=514101",
"refsource": "MISC",
"url": "http://sourceforge.net/project/shownotes.php?group_id=186464\u0026release_id=514101"
},
{
"name": "20070607 Atom PhotoBlog v1.0.9 XSS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470750/100/0/threaded"
},
{
"name": "25562",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25562"
},
{
"name": "37046",
"refsource": "OSVDB",
"url": "http://osvdb.org/37046"
},
{
"name": "http://www.secvsn.com/content/Advisories/sr-060607-atomphotoblog.html",
"refsource": "MISC",
"url": "http://www.secvsn.com/content/Advisories/sr-060607-atomphotoblog.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3135",
"datePublished": "2007-06-08T16:00:00.000Z",
"dateReserved": "2007-06-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:05:29.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3134 (GCVE-0-2007-3134)
Vulnerability from cvelistv5 – Published: 2007-06-08 16:00 – Updated: 2024-08-07 14:05
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in atomPhotoBlog.php in Atom PhotoBlog 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Your Name, (2) Your Homepage, and (3) Your Comment fields, when using "Approve Comments."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://sourceforge.net/project/shownotes.php?grou… | x_refsource_MISC |
| http://secunia.com/advisories/25562 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/37046 | vdb-entryx_refsource_OSVDB |
Date Public
2007-06-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "atom-photoblog-atomphotoblog-xss(34767)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34767"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=186464\u0026release_id=514101"
},
{
"name": "25562",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25562"
},
{
"name": "37046",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37046"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in atomPhotoBlog.php in Atom PhotoBlog 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Your Name, (2) Your Homepage, and (3) Your Comment fields, when using \"Approve Comments.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "atom-photoblog-atomphotoblog-xss(34767)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34767"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=186464\u0026release_id=514101"
},
{
"name": "25562",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25562"
},
{
"name": "37046",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37046"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in atomPhotoBlog.php in Atom PhotoBlog 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Your Name, (2) Your Homepage, and (3) Your Comment fields, when using \"Approve Comments.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "atom-photoblog-atomphotoblog-xss(34767)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34767"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=186464\u0026release_id=514101",
"refsource": "MISC",
"url": "http://sourceforge.net/project/shownotes.php?group_id=186464\u0026release_id=514101"
},
{
"name": "25562",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25562"
},
{
"name": "37046",
"refsource": "OSVDB",
"url": "http://osvdb.org/37046"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3134",
"datePublished": "2007-06-08T16:00:00.000Z",
"dateReserved": "2007-06-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:05:29.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}