CVE-2007-5702
Novell OpenSUSE SWAMP - Cross-Site Scripting via Login Username Parameter
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in swamp/action/LoginActions (aka the login box) in the Novell OpenSUSE SWAMP Workflow Administration and Management Platform 1.x allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information.
References (6)
Core 6
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27390
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/38203
Product x_refsource_confirm
http://swamp.svn.sourceforge.net/viewvc/swamp/trunk/swamp/webapps/webswamp/src/java/de/suse/swamp/modules/actions/LoginActions.java?r1=666&r2=700
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/37399
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26198
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/482733/100/0/threaded
Scores
EPSS
0.0098
EPSS Percentile
77.0%
Details
CWE
CWE-79
Status
published
Products (1)
novell/opensuse_swamp
Published
Oct 29, 2007
Tracked Since
Feb 18, 2026