CVE-2007-0437

N/A Unknown
Published: August 20, 2007 Modified: April 23, 2026
View on NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://www.cpni.gov.uk/Products/alerts/2928.aspx
Source: cve@mitre.org
http://www.mwrinfosecurity.com/advisories/mwri_cache-sample-files-xss-advisory_2007-04-04.pdf
Source: cve@mitre.org
http://www.mwrinfosecurity.com/news/1658.html
Source: cve@mitre.org
http://www.cpni.gov.uk/Products/alerts/2928.aspx
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mwrinfosecurity.com/advisories/mwri_cache-sample-files-xss-advisory_2007-04-04.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mwrinfosecurity.com/news/1658.html
Source: af854a3a-2127-422b-91ae-364da2661108

6 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.2%
45th percentile
Exploitation Status
Not in CISA KEV

Affected Vendors

intersystems