CVE-2007-0876 - Vulnerability Details - OpenCVE

Cross-site scripting (XSS) vulnerability in Quick Digital Image Gallery (Qdig) 1.2.9.3 and devel-20060624 allows remote attackers to inject arbitrary web script or HTML via the Qwd parameter to the top-level URI.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Qdig	Qdig

Configuration 1 [-]

OR	cpe:2.3:a:qdig:qdig:1.2.9.3:::::::*
	cpe:2.3:a:qdig:qdig:2006-06-24_dev:::::::*

No data.

References

Link	Providers
http://osvdb.org/32194
http://secunia.com/advisories/24110
http://sourceforge.net/project/shownotes.php?group_id=69837&release_id=485558
http://www.securityfocus.com/archive/1/459664/100/0/threaded
http://www.securityfocus.com/archive/1/459791/100/0/threaded
http://www.securityfocus.com/bid/22510
http://www.vupen.com/english/advisories/2007/0555
https://exchange.xforce.ibmcloud.com/vulnerabilities/32421

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-02-12T19:00:00

Updated: 2024-08-07T12:34:21.251Z

Reserved: 2007-02-12T00:00:00

Link: CVE-2007-0876

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-02-12T19:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-0876

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-02-10T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Quick Digital Image Gallery (Qdig) 1.2.9.3 and devel-20060624 allows remote attackers to inject arbitrary web script or HTML via the Qwd parameter to the top-level URI."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?group_id=69837&release_id=485558"}, {"name": "24110", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24110"}, {"name": "qdig-qwd-xss(32421)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32421"}, {"name": "20070210 [XSS] Qdig - Quick Digital Image Gallery Version 1.2.9.3 and -devel", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/459664/100/0/threaded"}, {"name": "ADV-2007-0555", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0555"}, {"name": "20070211 Re: [XSS] Qdig - Quick Digital Image Gallery Version 1.2.9.3 and -devel", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/459791/100/0/threaded"}, {"name": "32194", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/32194"}, {"name": "22510", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22510"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0876", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Quick Digital Image Gallery (Qdig) 1.2.9.3 and devel-20060624 allows remote attackers to inject arbitrary web script or HTML via the Qwd parameter to the top-level URI."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://sourceforge.net/project/shownotes.php?group_id=69837&release_id=485558", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?group_id=69837&release_id=485558"}, {"name": "24110", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24110"}, {"name": "qdig-qwd-xss(32421)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32421"}, {"name": "20070210 [XSS] Qdig - Quick Digital Image Gallery Version 1.2.9.3 and -devel", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/459664/100/0/threaded"}, {"name": "ADV-2007-0555", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0555"}, {"name": "20070211 Re: [XSS] Qdig - Quick Digital Image Gallery Version 1.2.9.3 and -devel", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/459791/100/0/threaded"}, {"name": "32194", "refsource": "OSVDB", "url": "http://osvdb.org/32194"}, {"name": "22510", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22510"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:34:21.251Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?group_id=69837&release_id=485558"}, {"name": "24110", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24110"}, {"name": "qdig-qwd-xss(32421)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32421"}, {"name": "20070210 [XSS] Qdig - Quick Digital Image Gallery Version 1.2.9.3 and -devel", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/459664/100/0/threaded"}, {"name": "ADV-2007-0555", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0555"}, {"name": "20070211 Re: [XSS] Qdig - Quick Digital Image Gallery Version 1.2.9.3 and -devel", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/459791/100/0/threaded"}, {"name": "32194", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/32194"}, {"name": "22510", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/22510"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0876", "datePublished": "2007-02-12T19:00:00", "dateReserved": "2007-02-12T00:00:00", "dateUpdated": "2024-08-07T12:34:21.251Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qdig:qdig:1.2.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "1FAE10C7-E7BB-4BA9-9E3C-02EDF1F8CA8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:qdig:qdig:2006-06-24_dev:*:*:*:*:*:*:*", "matchCriteriaId": "6F5046AD-549E-4270-89E6-019A2BCD8F14", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Quick Digital Image Gallery (Qdig) 1.2.9.3 and devel-20060624 allows remote attackers to inject arbitrary web script or HTML via the Qwd parameter to the top-level URI."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Quick Digital Image Gallery (Qdig) 1.2.9.3 y devel-20060624 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro Qwd del URI de nivel superior."}], "id": "CVE-2007-0876", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-02-12T19:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/32194"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24110"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?group_id=69837&release_id=485558"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/459664/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/archive/1/459791/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22510"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0555"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32421"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/32194"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24110"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?group_id=69837&release_id=485558"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/459664/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/archive/1/459791/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22510"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0555"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32421"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}