VYPR
Unrated severity · NVD Advisory · Published May 22, 2007 · Updated Apr 23, 2026

CVE-2007-2808

Description

Cross-site scripting (XSS) vulnerability in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary HTML/script via the database parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The gnatsweb.pl script in Gnatsweb 4.00 and Gnats 4.1.99 contains a cross-site scripting (XSS) vulnerability. The database parameter is not properly sanitized before being returned to the user, allowing injection of arbitrary web script or HTML. [1]

Exploitation

An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable gnatsweb.pl script with malicious JavaScript or HTML in the database parameter. No authentication or special privileges are required; the attack is remote. [1]

Impact

Successful exploitation allows the attacker to execute arbitrary HTML and script code in the victim's browser session within the context of the affected site. This can lead to session hijacking, defacement, or theft of sensitive information. [1]

Mitigation

No official patch has been released. The recommended workaround is to manually edit the source code of gnatsweb.pl to properly sanitize the database parameter before output. [1]

References
  1. GNATS XSS vuln

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • GNU/Gnats (2 versions)
    • cpe:2.3:a:gnu:gnats:4.1.99:*:*:*:*:*:*:*
    • (no CPE) range: =4.1.99
  • cpe:2.3:a:yngve_svendsen:gnatsweb:4.00:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.
