Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2007-6374
Last Modified: 07 Mar 2011 10:02:33
Published: 14 Dec 2007 08:46:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-6374

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) users/register.php or (2) search/index.php, or an editcomments action in (3) wiki/index.php or (4) forums/index.php. NOTE: the error parameter to users/login.php is covered by CVE-2006-3103.

Vulnerable Systems

Application

  • Bitweaver 2.0.0


References

XF - bitweaver-register-index-login-xss(38942)

VUPEN - ADV-2007-4168

BID - 26801

BUGTRAQ - 20071209 Bitweaver XSS & SQL Injection Vulnerability

MISC - http://www.hackerscenter.com/archive/view.asp?id=28129

SECUNIA - 28024

OSVDB - 39130

OSVDB - 39129

SREASON - 3428


Last Updated: 27 May 2016 10:46:28