CVE-2007-5477

Valve Software Half-life Dedicated Server - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in auth.w in djeyl.net WebMod 0.48 Half-Life Dedicated Server plugin allows remote attackers to inject arbitrary web script or HTML via the redir parameter.

References (6)

[Third Party Advisory, VDB Entry] http://osvdb.org/37833

[Vendor Advisory] http://secunia.com/advisories/27245

[Various Sources] http://sla.ckers.org/forum/read.php?3%2C44%2C11482#msg-11482

[Third Party Advisory] http://www.attrition.org/pipermail/vim/2007-October/001833.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/37220

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/26087

Scores

EPSS 0.0051

EPSS Percentile 66.0%

Classification

CWE

CWE-79

Status draft

Affected Products (2)

valve_software/half-life_dedicated_server

valve_software/webmod_plugin

Timeline

Published Oct 16, 2007

Tracked Since Feb 18, 2026