ID

VAR-200711-0112


CVE

CVE-2007-5993


TITLE

VTLS vtls.web.gateway of Visionary Technology Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2007-006327

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Visionary Technology in Library Solutions (VTLS) vtls.web.gateway before 48.1.1 allows remote attackers to inject arbitrary web script or HTML via the searchtype parameter. Web Gateway is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker to steal cookie-based authentication credentials and to launch other attacks. This issue affects versions prior to Web Gateway 48.1.1. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Input passed to the "searchtype" parameter in vtls.web.gateway is not properly sanitised before being returned to the user. The vulnerability is reported in version 48.1.0. SOLUTION: Update to version 48.1.1. PROVIDED AND/OR DISCOVERED BY: Jesus Olmos Gonzalez, Internet Security Auditors, S.L. ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-5993 // JVNDB: JVNDB-2007-006327 // BID: 26419 // VULHUB: VHN-29355 // PACKETSTORM: 61006

AFFECTED PRODUCTS

vendor:vtlsmodel:vtls.web.gatewayscope:lteversion:48.1

Trust: 1.0

vendor:vtlsmodel:vtls.web.gatewayscope:ltversion:48.1.1

Trust: 0.8

vendor:vtlsmodel:vtls.web.gatewayscope:eqversion:48.1

Trust: 0.6

vendor:vtlsmodel:web gatewayscope:eqversion:48.1

Trust: 0.3

vendor:vtlsmodel:web gatewayscope:neversion:48.1.1

Trust: 0.3

sources: BID: 26419 // JVNDB: JVNDB-2007-006327 // CNNVD: CNNVD-200711-242 // NVD: CVE-2007-5993

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-5993
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-5993
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200711-242
value: MEDIUM

Trust: 0.6

VULHUB: VHN-29355
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-5993
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-29355
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-29355 // JVNDB: JVNDB-2007-006327 // CNNVD: CNNVD-200711-242 // NVD: CVE-2007-5993

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-29355 // JVNDB: JVNDB-2007-006327 // NVD: CVE-2007-5993

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200711-242

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 61006 // CNNVD: CNNVD-200711-242

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-006327

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-29355

PATCH

title:Top Pageurl:http://www.vtls.com/

Trust: 0.8

sources: JVNDB: JVNDB-2007-006327

EXTERNAL IDS

db:NVDid:CVE-2007-5993

Trust: 2.8

db:BIDid:26419

Trust: 2.0

db:SECUNIAid:27661

Trust: 1.8

db:OSVDBid:38708

Trust: 1.7

db:SREASONid:3369

Trust: 1.7

db:JVNDBid:JVNDB-2007-006327

Trust: 0.8

db:BUGTRAQid:20071113 [ISECAUDITORS SECURITY ADVISORIES] VTLS.WEB.GATEWAY CGI IS VULNERABLE TO XSS

Trust: 0.6

db:XFid:38444

Trust: 0.6

db:CNNVDid:CNNVD-200711-242

Trust: 0.6

db:EXPLOIT-DBid:30759

Trust: 0.1

db:SEEBUGid:SSVID-84126

Trust: 0.1

db:VULHUBid:VHN-29355

Trust: 0.1

db:PACKETSTORMid:61006

Trust: 0.1

sources: VULHUB: VHN-29355 // BID: 26419 // JVNDB: JVNDB-2007-006327 // PACKETSTORM: 61006 // CNNVD: CNNVD-200711-242 // NVD: CVE-2007-5993

REFERENCES

url:http://www.securityfocus.com/bid/26419

Trust: 1.7

url:http://osvdb.org/38708

Trust: 1.7

url:http://secunia.com/advisories/27661

Trust: 1.7

url:http://securityreason.com/securityalert/3369

Trust: 1.7

url:http://www.securityfocus.com/archive/1/483622/100/0/threaded

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/38444

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5993

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5993

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/38444

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/483622/100/0/threaded

Trust: 0.6

url:http://www.vtls.com/products/index.shtml

Trust: 0.3

url:/archive/1/483622

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/27661/

Trust: 0.1

url:http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv

Trust: 0.1

url:http://secunia.com/product/16569/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-29355 // BID: 26419 // JVNDB: JVNDB-2007-006327 // PACKETSTORM: 61006 // CNNVD: CNNVD-200711-242 // NVD: CVE-2007-5993

CREDITS

Jesus Olmos Gonzalez is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 26419 // CNNVD: CNNVD-200711-242

SOURCES

db:VULHUBid:VHN-29355
db:BIDid:26419
db:JVNDBid:JVNDB-2007-006327
db:PACKETSTORMid:61006
db:CNNVDid:CNNVD-200711-242
db:NVDid:CVE-2007-5993

LAST UPDATE DATE

2025-04-10T23:25:43.532000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-29355date:2018-10-15T00:00:00
db:BIDid:26419date:2007-11-23T20:24:00
db:JVNDBid:JVNDB-2007-006327date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-200711-242date:2007-11-16T00:00:00
db:NVDid:CVE-2007-5993date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:VULHUBid:VHN-29355date:2007-11-15T00:00:00
db:BIDid:26419date:2007-11-13T00:00:00
db:JVNDBid:JVNDB-2007-006327date:2012-12-20T00:00:00
db:PACKETSTORMid:61006date:2007-11-20T16:17:55
db:CNNVDid:CNNVD-200711-242date:2007-11-15T00:00:00
db:NVDid:CVE-2007-5993date:2007-11-15T22:46:00