CVE-2007-5547 - Vulnerability Details - OpenCVE

Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote attackers to inject arbitrary web script or HTML, and execute IOS commands, via unspecified vectors, aka PSIRT-2022590358. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Ios

Configuration 1 [-]

cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/43742
http://www.irmplc.com/index.php/111-Vendor-Alerts

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-18T20:00:00

Updated: 2024-08-07T15:31:59.137Z

Reserved: 2007-10-18T00:00:00

Link: CVE-2007-5547

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-10-18T20:17:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-5547

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-16T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote attackers to inject arbitrary web script or HTML, and execute IOS commands, via unspecified vectors, aka PSIRT-2022590358. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2008-11-15T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "43742", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/43742"}, {"tags": ["x_refsource_MISC"], "url": "http://www.irmplc.com/index.php/111-Vendor-Alerts"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5547", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote attackers to inject arbitrary web script or HTML, and execute IOS commands, via unspecified vectors, aka PSIRT-2022590358. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "43742", "refsource": "OSVDB", "url": "http://osvdb.org/43742"}, {"name": "http://www.irmplc.com/index.php/111-Vendor-Alerts", "refsource": "MISC", "url": "http://www.irmplc.com/index.php/111-Vendor-Alerts"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:31:59.137Z"}, "title": "CVE Program Container", "references": [{"name": "43742", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/43742"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.irmplc.com/index.php/111-Vendor-Alerts"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5547", "datePublished": "2007-10-18T20:00:00", "dateReserved": "2007-10-18T00:00:00", "dateUpdated": "2024-08-07T15:31:59.137Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*", "matchCriteriaId": "5802E2D8-7069-474C-826F-AEE7B50BFE34", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote attackers to inject arbitrary web script or HTML, and execute IOS commands, via unspecified vectors, aka PSIRT-2022590358. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Cisco IOS permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n, y ejecutar comandos IOS, a trav\u00e9s de vectores no especificados, tambi\u00e9n conocida como PSIRT-2022590358. NOTA: a fecha de 16/10/2007, la \u00fanica revelaci\u00f3n es un vago preaviso sin informaci\u00f3n de uso inmediato. Sin embargo, dado que proviene de un investigador reputado, se le ha asignado un identificador CVE con prop\u00f3sito de seguimiento."}], "id": "CVE-2007-5547", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-18T20:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/43742"}, {"source": "cve@mitre.org", "url": "http://www.irmplc.com/index.php/111-Vendor-Alerts"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/43742"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.irmplc.com/index.php/111-Vendor-Alerts"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}