CVE-2007-4088
CVE-2007-4088 is a medium-severity vulnerability in Vikingboard with a CVSS 2.0 base score of 4.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 4.3)
- EPSS exploit prediction: 4% (90th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Vikingboard
- Published:
- Last modified:
Description
Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) f, (3) quote, and (4) act parameters to cp.php; the (5) u parameter to user.php; the (6) f parameter to post.php; the (7) s parameter to topic.php; the (8) quote, (9) t, (10) poll, and (11) p parameters to post.php; the (12) Message Title field of a private message (PM) in mode 6 of cp.php; the (13) title field of a private message (PM) in mode 7 of cp.php; and (14) allow user-assisted remote attackers to inject arbitrary web script or HTML via a dosearch action to search.php, which reflects the first lines of all posts by a user. NOTE: the act parameter to help.php and the p parameter to report.php are already covered by CVE-2006-4708. NOTE: vectors 12 and 13 might overlap CVE-2006-6283.1. NOTE: vector 14 might overlap CVE-2006-4708.b.
Frequently asked questions
- What is CVE-2007-4088?
- Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) f, (3) quote, and (4) act parameters to cp.php; the (5) u parameter to user.php; the (6) f parameter to post.php; the (7) s parameter to topic.php; the (8) quote, (9) t, (10) poll, and (11) p parameters to post.php; the (12) Message Title field of a private message (PM) in mode 6 of cp.php; the (13) title field of a private message (PM) in mode 7 of cp.php; and (14) allow user-assisted remote attackers to inject arbitrary web script or HTML via a dosearch action to search.php, which reflects the first lines of all posts by a user. NOTE: the act parameter to help.php and the p parameter to report.php are already covered by CVE-2006-4708. NOTE: vectors 12 and 13 might overlap CVE-2006-6283.1. NOTE: vector 14 might overlap CVE-2006-4708.b.
- How severe is CVE-2007-4088?
- CVE-2007-4088 has a CVSS 2.0 base score of 4.3, rated medium severity.
- Is CVE-2007-4088 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 4% (90th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2007-4088?
- CVE-2007-4088 affects Vikingboard. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2007-4088?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2007-4088 published?
- CVE-2007-4088 was published on 2007-07-30 and last updated on 2026-06-16.
References
- http://lostmon.blogspot.com/2007/07/vikingboard-multiple-cross-site.html
- http://osvdb.org/37352
- http://osvdb.org/37354
- http://osvdb.org/37355
- http://osvdb.org/37356
- http://osvdb.org/37357
- http://secunia.com/advisories/26196
- http://secwatch.org/advisories/1018567/
- http://www.securityfocus.com/bid/25056
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35599
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35601
Affected products (1)
- cpe:2.3:a:vikingboard:vikingboard:0.1.2:*:*:*:*:*:*:*
More vulnerabilities in Vikingboard
- CVE-2006-6282 — Critical (CVSS 9.3): members.php in Vikingboard 0.1.2 allows remote attackers to trigger a forced SQL error via an invalid s parameter, a…
- CVE-2006-6284 — Critical (CVSS 9.0): Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 allows remote authenticated administrators to…
- CVE-2006-4708 — Medium (CVSS 6.8): Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1b allow remote attackers to inject arbitrary web…
- CVE-2006-4709 — Medium (CVSS 5.0): SQL injection vulnerability in topic.php in Vikingboard 0.1b allows remote attackers to execute arbitrary SQL commands…
- CVE-2007-4089 — Medium (CVSS 4.3): Vikingboard 0.1.2 allows remote attackers to obtain sensitive information via the debug parameter to (1) forum.php, (2)…
- CVE-2007-4090 — Medium (CVSS 4.3): Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web…