Detections
Analytics

CVE-2007-2592

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/34187

http://www.vupen.com/english/advisories/2007/2657

http://www.vupen.com/english/advisories/2007/1727

http://www.securitytracker.com/id?1018454

http://www.securityfocus.com/bid/23889

http://www.securityfocus.com/archive/1/468048/100/0/threaded

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html

http://securityreason.com/securityalert/2689

http://secunia.com/advisories/26199

http://secunia.com/advisories/25212

http://osvdb.org/34517

http://osvdb.org/34516

http://osvdb.org/34515

Details

Source: Mitre, NVD

Published: 2007-05-11

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00879