Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2007-6608
Last Modified 15 Nov 2008 02:05:31
Published 31 Dec 2007 03:46:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6608

Summary

Multiple cross-site scripting (XSS) vulnerabilities in OpenBiblio 0.5.2-pre4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) LAST and (2) FIRST parameters to admin/staff_del_confirm.php, (3) the name parameter to admin/theme_del_confirm.php, or (4) the themeName parameter to admin/theme_preview.php.

Vulnerable Systems

Application

  • Openbiblio 0.2

  • Openbiblio 0.2.1

  • Openbiblio 0.3

  • Openbiblio 0.5.1

  • Openbiblio 0.5.2

  • Openbiblio 0.5.2 Pre4


References

BID - 27053

BUGTRAQ - 20071228 OpenBiblio 0.5.2-pre4 and prior multiple vulnerabilities

MISC - http://sourceforge.net/project/shownotes.php?release_id=488061&group_id=50071

MISC - http://sourceforge.net/project/shownotes.php?release_id=451780&group_id=50071

OSVDB - 39871

OSVDB - 39870

OSVDB - 39869

XF - openbiblio-uid-name-xss(39297)

SREASON - 3502


Last Updated: 27 May 2016 10:46:32