Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6367

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-6367
Last Modified 05 Sep 2009 01:12:06
Published 14 Dec 2007 08:46:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6367

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the guestbook in SineCMS 2.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username (user) or (2) comment (commento) field, different vectors than CVE-2007-2357.

Vulnerable Systems

Application

  • Sinecms 2.3.4


References

XF - sinecms-mods-xss(38893)

BUGTRAQ - 20071218 Re: SineCMS <= 2.3.4 Calendar SQL Injection 'n something else..

BUGTRAQ - 20071205 SineCMS <= 2.3.4 Calendar SQL Injection 'n something else..

MILW0RM - 4693

SECUNIA - 27949

SREASON - 3444


Last Updated: 27 May 2016 10:46:28