Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2007-4896
Last Modified: 15 Nov 2008 01:58:58
Published: 14 Sep 2007 02:17:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-4896

Summary

Multiple cross-site scripting (XSS) vulnerabilities in admin/header.php in Toms Gaestebuch 1.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang[adminseite], (2) lang[ueberschrift], or (3) einst[metachar] parameter, different vectors than CVE-2007-4711.

Vulnerable Systems

Application

  • Toms-seiten.at Toms Gästebuch 1.00

  • Toms-seiten.at Toms Gästebuch 1.01


References

CONFIRM - http://www.toms-seiten.at/guest/index.php?language=de

BID - 25598

BUGTRAQ - 20070908 Re: Re: Toms Gästebuch 1.00 - XSS

OSVDB - 38660

CONFIRM - http://www.toms-seiten.at/iv_downloads/details.php?dl_id=3&language=de

BUGTRAQ - 20070919 Re: Re: Re: Toms Gästebuch 1.00 - XSS


Last Updated: 27 May 2016 10:46:00