Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 25/08/2007 Updated: 15/10/2018

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Ripe Website Manager 0.8.9 and previous versions allow remote authenticated users to inject arbitrary web script or HTML via one or more of the following vectors: the (1) id parameter to (a) pages/delete_page.php, (b) navigation/delete_menu.php, and (c) navigation/delete_item.php in admin/; the (2) menu_id, (3) name, (3) page_id, and (4) url parameters in (d) admin/navigation/do_new_item.php; the (5) new_menuname parameter in (e) admin/navigation/do_new_nav.php; and (6) area1, name, and url parameters to (f) admin/pages/do_new_page.php, probably involving the Title or textarea field as reachable through admin/pages/new_page.php. NOTE: the original disclosure does not precisely state which vectors are associated with SQL injection versus XSS.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ripe website manager ripe website manager 0.8.4
ripe website manager ripe website manager 0.8.9

NVD-CWE-Other http://www.securityfocus.com/bid/25406 http://securityreason.com/securityalert/3058 http://osvdb.org/38448 http://osvdb.org/38444 http://osvdb.org/38446 http://osvdb.org/38447 http://osvdb.org/38445 http://osvdb.org/38449 https://exchange.xforce.ibmcloud.com/vulnerabilities/36179 http://www.securityfocus.com/archive/1/477320/100/0/threaded https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-4523

Vulnerability Summary

References

Vulmon Search

About

Products

Connect