CVE-2007-3623

medium

Description

Cross-site scripting (XSS) vulnerability in the Hitachi JP1/HiCommand Device Manager, Tiered Storage Manager, Replication Monitor, and GlobalLink Availability Manager before 20070528 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/35286

http://www.vupen.com/english/advisories/2007/2457

http://www.securityfocus.com/bid/24797

http://www.hitachi-support.com/security_e/vuls_e/HS07-017_e/index-e.html

http://secunia.com/advisories/25973

http://osvdb.org/37849

http://osvdb.org/37848

Details

Source: Mitre, NVD

Published: 2007-07-09

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.0048