Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6659


Vulnerability Score 4.3 4.3
CVE Id CVE-2007-6659
Last Modified 05 Sep 2008 05:33:48
Published 04 Jan 2008 06:46:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Multiple cross-site scripting (XSS) vulnerabilities in 2z project allow remote attackers to inject arbitrary web script or HTML via the (1) contentshort or (2) contentfull parameter in an addnews action to the default URI; (3) the content parameter in a pm write action to 2z/admin.php; (4) the referer parameter to templates/default/usermenu.tpl, accessed through index.php; or the (5) newavatar or (6) newphoto parameter in a profile action to the default URI under 2z/.

Vulnerable Systems


  • 2z Project


BID - 27057

BUGTRAQ - 20071228 2z-project Multiple Security Vulnerabilities

SREASON - 3514

SECUNIA - 28244


Last Updated: 27 May 2016 10:46:35