Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6270

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-6270
Last Modified 15 Nov 2008 02:04:01
Published 07 Dec 2007 06:46:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6270

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) rmore parameter to xlaabsolutenm.aspx and the (2) template parameter to pages/default.aspx.

Vulnerable Systems

Application

  • Xigla Absolute News Manager.net 5.1


References

BID - 26692

XF - absolutenewsmanager-default-xss(38873)

XF - absolutenewsmanager-xlaabsolutenm-xss(38872)

CONFIRM - http://www.xigla.com/news/default.aspx

MISC - http://www.procheckup.com/Vulnerability_PR07-39.php

SECUNIA - 27923

OSVDB - 40578

OSVDB - 40577

BUGTRAQ - 20071204 PR07-39: Multiple vulnerabilities on Absolute News Manager.NET


Last Updated: 27 May 2016 10:46:26