CVE-2007-2907
SSL-Explorer < 0.2.12 - Authenticated Cross-Site Scripting via Redirect URL
Title source: llmDescription
Unspecified vulnerability in SSL-Explorer before 0.2.13 allows remote authenticated users to enter redirect URLs containing (1) JavaScript or (2) HTTP headers via an unspecified vector, possibly the forwardTo parameter to redirect.do. NOTE: the impact might be cross-site scripting (XSS) or HTTP request smuggling.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/36913
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25512
Patch x_refsource_confirm
http://sourceforge.net/forum/forum.php?forum_id=690648
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2057
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/24319
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/36915
Scores
EPSS
0.0147
EPSS Percentile
70.8%
Details
CWE
CWE-119
Status
published
Products (1)
ssl-explorer/ssl-explorer
< 0.2.12
Published
May 30, 2007
Tracked Since
Feb 18, 2026