CVE-2007-4587

Easy Software Cafeteria escafeWeb <1.0.4 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in Easy Software Cafeteria escafeWeb (aka Tuigwaa) 1.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the setting of option.nopage.create in tuigwaa.properties.

References (6)

[Third Party Advisory] http://jvn.jp/jp/JVN%2382276964/index.html

[Patch, Vendor Advisory] http://secunia.com/advisories/26577

[Various Sources] http://www.escafe.org/main/Security

[Exploit, Patch] http://www.securityfocus.com/bid/25447

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36264

[Third Party Advisory, VDB Entry] http://osvdb.org/37147

Scores

EPSS 0.0051

EPSS Percentile 66.0%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

the_seasar_foundation/escafeweb < 1.0.4

Timeline

Published Aug 29, 2007

Tracked Since Feb 18, 2026