Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2007-6659
Last Modified 05 Sep 2008 05:33:48
Published 04 Jan 2008 06:46:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6659

Summary

Multiple cross-site scripting (XSS) vulnerabilities in 2z project 0.9.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) contentshort or (2) contentfull parameter in an addnews action to the default URI; (3) the content parameter in a pm write action to 2z/admin.php; (4) the referer parameter to templates/default/usermenu.tpl, accessed through index.php; or the (5) newavatar or (6) newphoto parameter in a profile action to the default URI under 2z/.

Vulnerable Systems

Application

  • 2z Project 0.9.6.1


References

BID - 27057

BUGTRAQ - 20071228 2z-project 0.9.6.1 Multiple Security Vulnerabilities

SREASON - 3514

SECUNIA - 28244

CONFIRM - http://2z-project.ru/forum/viewtopic.php?pid=8309


Last Updated: 27 May 2016 10:46:35