{"api_version":"1","generated_at":"2026-05-13T12:21:23+00:00","cve":"CVE-2007-2592","urls":{"html":"https://cve.report/CVE-2007-2592","api":"https://cve.report/api/cve/CVE-2007-2592.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-2592","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-2592"},"summary":{"title":"CVE-2007-2592","description":"Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files.","state":"PUBLISHED","assigner":"mitre","published_at":"2007-05-11 04:20:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://secunia.com/advisories/26199","name":"http://secunia.com/advisories/26199","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Novell GroupWise Mobile Server Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html","name":"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"GroupWise Mobile Server 1.0 HP1 1.0 HP1","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/2657","name":"http://www.vupen.com/english/advisories/2007/2657","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/468048/100/0/threaded","name":"http://www.securityfocus.com/archive/1/468048/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://securityreason.com/securityalert/2689","name":"http://securityreason.com/securityalert/2689","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Multiple vulnerabilites in Nokia Intellisync Mobile Suite & Wireless Email Express - CXSecurity.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34187","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34187","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/1727","name":"http://www.vupen.com/english/advisories/2007/1727","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail - OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/25212","name":"http://secunia.com/advisories/25212","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Nokia Intellisync Mobile Suite Multiple Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/34517","name":"http://osvdb.org/34517","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://osvdb.org/34516","name":"http://osvdb.org/34516","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.sec-consult.com/289.html","name":"http://www.sec-consult.com/289.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"],"title":"404 - Page not found! - SEC Consult","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1018454","name":"http://www.securitytracker.com/id?1018454","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Novell GroupWise Mobile Server Bugs Permit Denial of Service and Cross-Site Scripting Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/34515","name":"http://osvdb.org/34515","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.securityfocus.com/bid/23889","name":"http://www.securityfocus.com/bid/23889","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Novell GroupWise Mobile Server Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-2592","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-2592","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"2592","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"nokia","cpe5":"groupwise_mobile_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"2592","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"nokia","cpe5":"intellisync_mobile_suite","cpe6":"6.4.31.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"2592","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"nokia","cpe5":"intellisync_mobile_suite","cpe6":"6.6.0.107","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"2592","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"nokia","cpe5":"intellisync_mobile_suite","cpe6":"6.6.2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"2592","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"nokia","cpe5":"intellisync_wireless_email_express","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T13:42:33.445Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.sec-consult.com/289.html"},{"name":"34517","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/34517"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html"},{"name":"ADV-2007-1727","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/1727"},{"name":"26199","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/26199"},{"name":"34516","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/34516"},{"name":"34515","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/34515"},{"name":"20070509 SEC Consult SA-20070509-0 :: Multiple vulnerabilites in Nokia Intellisync Mobile Suite & Wireless Email Express","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/468048/100/0/threaded"},{"name":"1018454","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1018454"},{"name":"25212","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/25212"},{"name":"2689","tags":["third-party-advisory","x_refsource_SREASON","x_transferred"],"url":"http://securityreason.com/securityalert/2689"},{"name":"ADV-2007-2657","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/2657"},{"name":"23889","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/23889"},{"name":"nokia-multiple-scripts-xss(34187)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34187"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-05-09T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-16T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_MISC"],"url":"http://www.sec-consult.com/289.html"},{"name":"34517","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/34517"},{"tags":["x_refsource_CONFIRM"],"url":"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html"},{"name":"ADV-2007-1727","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/1727"},{"name":"26199","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/26199"},{"name":"34516","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/34516"},{"name":"34515","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/34515"},{"name":"20070509 SEC Consult SA-20070509-0 :: Multiple vulnerabilites in Nokia Intellisync Mobile Suite & Wireless Email Express","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/468048/100/0/threaded"},{"name":"1018454","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1018454"},{"name":"25212","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/25212"},{"name":"2689","tags":["third-party-advisory","x_refsource_SREASON"],"url":"http://securityreason.com/securityalert/2689"},{"name":"ADV-2007-2657","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/2657"},{"name":"23889","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/23889"},{"name":"nokia-multiple-scripts-xss(34187)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34187"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-2592","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.sec-consult.com/289.html","refsource":"MISC","url":"http://www.sec-consult.com/289.html"},{"name":"34517","refsource":"OSVDB","url":"http://osvdb.org/34517"},{"name":"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html","refsource":"CONFIRM","url":"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html"},{"name":"ADV-2007-1727","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/1727"},{"name":"26199","refsource":"SECUNIA","url":"http://secunia.com/advisories/26199"},{"name":"34516","refsource":"OSVDB","url":"http://osvdb.org/34516"},{"name":"34515","refsource":"OSVDB","url":"http://osvdb.org/34515"},{"name":"20070509 SEC Consult SA-20070509-0 :: Multiple vulnerabilites in Nokia Intellisync Mobile Suite & Wireless Email Express","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/468048/100/0/threaded"},{"name":"1018454","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1018454"},{"name":"25212","refsource":"SECUNIA","url":"http://secunia.com/advisories/25212"},{"name":"2689","refsource":"SREASON","url":"http://securityreason.com/securityalert/2689"},{"name":"ADV-2007-2657","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/2657"},{"name":"23889","refsource":"BID","url":"http://www.securityfocus.com/bid/23889"},{"name":"nokia-multiple-scripts-xss(34187)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34187"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-2592","datePublished":"2007-05-11T03:55:00.000Z","dateReserved":"2007-05-10T00:00:00.000Z","dateUpdated":"2024-08-07T13:42:33.445Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-05-11 04:20:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nokia:groupwise_mobile_server:*:*:*:*:*:*:*:*","matchCriteriaId":"49230DA2-0B09-42BF-811B-1CCF56181FBC"},{"vulnerable":true,"criteria":"cpe:2.3:a:nokia:intellisync_mobile_suite:6.4.31.2:*:*:*:*:*:*:*","matchCriteriaId":"A3E0EF3B-D4F6-4300-949B-F80285C43CAB"},{"vulnerable":true,"criteria":"cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.0.107:*:*:*:*:*:*:*","matchCriteriaId":"DB300678-04E7-4F6B-AE43-8931C2FF5F40"},{"vulnerable":true,"criteria":"cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.2.2:*:*:*:*:*:*:*","matchCriteriaId":"F1795FDF-D272-476F-85FA-D57A474CA3F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:nokia:intellisync_wireless_email_express:*:*:*:*:*:*:*:*","matchCriteriaId":"75F41ABD-B71D-48B3-B911-8F0ED1BA8A83"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"2592","Ordinal":"1","Title":"CVE-2007-2592","CVE":"CVE-2007-2592","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"2592","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files.","Type":"Description","Title":"CVE-2007-2592"},{"CveYear":"2007","CveId":"2592","Ordinal":"2","NoteData":"2007-05-10","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"2592","Ordinal":"3","NoteData":"2018-10-16","Type":"Other","Title":"Modified"}]}}}