{"api_version":"1","generated_at":"2026-07-10T19:32:58+00:00","cve":"CVE-2007-4281","urls":{"html":"https://cve.report/CVE-2007-4281","api":"https://cve.report/api/cve/CVE-2007-4281.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-4281","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-4281"},"summary":{"title":"CVE-2007-4281","description":"Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source 3.4 and 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the login field on the login page, and other unspecified vectors.","state":"PUBLISHED","assigner":"mitre","published_at":"2007-08-09 21:17:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.securityfocus.com/bid/25231","name":"http://www.securityfocus.com/bid/25231","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"KnowledgeTree Open Source Multiple Unspecified Cross-Site Scripting Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/26333","name":"http://secunia.com/advisories/26333","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"KnowledgeTree Open Source Cross-Site Scripting - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://sourceforge.net/forum/forum.php?forum_id=722865","name":"http://sourceforge.net/forum/forum.php?forum_id=722865","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Page not found\n    - SourceForge.net","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"http://sourceforge.net/project/shownotes.php?release_id=530698&group_id=107851","name":"http://sourceforge.net/project/shownotes.php?release_id=530698&group_id=107851","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Page not found\n    - SourceForge.net","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"http://www.vupen.com/english/advisories/2007/2812","name":"http://www.vupen.com/english/advisories/2007/2812","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://support.ktdms.com/browse/KTS-2178","name":"http://support.ktdms.com/browse/KTS-2178","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[#KTS-2178] cross site scripting - KnowledgeTree DMS JIRA","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://osvdb.org/36579","name":"http://osvdb.org/36579","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-4281","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-4281","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"4281","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"knowledgetree","cpe5":"open_source","cpe6":"3.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"4281","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"knowledgetree","cpe5":"open_source","cpe6":"3.4.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T14:46:39.773Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"36579","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/36579"},{"name":"ADV-2007-2812","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/2812"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://sourceforge.net/forum/forum.php?forum_id=722865"},{"name":"25231","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/25231"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://sourceforge.net/project/shownotes.php?release_id=530698&group_id=107851"},{"name":"26333","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/26333"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://support.ktdms.com/browse/KTS-2178"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-08-08T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source 3.4 and 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the login field on the login page, and other unspecified vectors."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2008-11-15T10:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"36579","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/36579"},{"name":"ADV-2007-2812","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/2812"},{"tags":["x_refsource_CONFIRM"],"url":"http://sourceforge.net/forum/forum.php?forum_id=722865"},{"name":"25231","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/25231"},{"tags":["x_refsource_CONFIRM"],"url":"http://sourceforge.net/project/shownotes.php?release_id=530698&group_id=107851"},{"name":"26333","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/26333"},{"tags":["x_refsource_CONFIRM"],"url":"http://support.ktdms.com/browse/KTS-2178"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-4281","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source 3.4 and 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the login field on the login page, and other unspecified vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"36579","refsource":"OSVDB","url":"http://osvdb.org/36579"},{"name":"ADV-2007-2812","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/2812"},{"name":"http://sourceforge.net/forum/forum.php?forum_id=722865","refsource":"CONFIRM","url":"http://sourceforge.net/forum/forum.php?forum_id=722865"},{"name":"25231","refsource":"BID","url":"http://www.securityfocus.com/bid/25231"},{"name":"http://sourceforge.net/project/shownotes.php?release_id=530698&group_id=107851","refsource":"CONFIRM","url":"http://sourceforge.net/project/shownotes.php?release_id=530698&group_id=107851"},{"name":"26333","refsource":"SECUNIA","url":"http://secunia.com/advisories/26333"},{"name":"http://support.ktdms.com/browse/KTS-2178","refsource":"CONFIRM","url":"http://support.ktdms.com/browse/KTS-2178"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-4281","datePublished":"2007-08-09T21:00:00.000Z","dateReserved":"2007-08-09T00:00:00.000Z","dateUpdated":"2024-08-07T14:46:39.773Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-08-09 21:17:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:knowledgetree:open_source:3.4:*:*:*:*:*:*:*","matchCriteriaId":"F89D7851-0348-4B79-BE4D-511E8939EB36"},{"vulnerable":true,"criteria":"cpe:2.3:a:knowledgetree:open_source:3.4.1:*:*:*:*:*:*:*","matchCriteriaId":"7AE71D30-15CF-4744-82A6-DF8C7D706439"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"4281","Ordinal":"1","Title":"CVE-2007-4281","CVE":"CVE-2007-4281","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"4281","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source 3.4 and 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the login field on the login page, and other unspecified vectors.","Type":"Description","Title":"CVE-2007-4281"},{"CveYear":"2007","CveId":"4281","Ordinal":"2","NoteData":"2007-08-09","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"4281","Ordinal":"3","NoteData":"2008-11-15","Type":"Other","Title":"Modified"}]}}}