Published: 29/12/2010 Updated: 04/01/2011

CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9

VMScore: 265

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote malicious users to inject arbitrary web script or HTML via the (1) additem_form parameter to system/admin/dash_additem.php and the (2) status_data[] parameter to system/admin/dash_status.php. NOTE: some of these details are obtained from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
habariproject habari 0.6.5

Vulnerability ID: HTB22732 Reference: wwwhtbridgech/advisory/path_disclosure_in_habarihtml Product: Habari Vendor: Habari ( habariprojectorg/en/ ) Vulnerable Version: 065 Vendor Notification: 02 December 2010 Vulnerability Type: Path disclosure Status: Fixed by Vendor Risk level: Low Credit: High-Tech Bridge SA - Ethical Hack ...

CWE-79 http://www.htbridge.ch/advisory/xss_vulnerability_in_habari.html http://www.htbridge.ch/advisory/xss_vulnerability_in_habari_1.html http://wiki.habariproject.org/en/Release_0.6.6 http://secunia.com/advisories/42688 http://www.exploit-db.com/exploits/15799 https://nvd.nist.gov https://www.exploit-db.com/exploits/15799/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-4607

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect