CVE-2007-5692
Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter to integrator.php; (2) the token parameter in a New Password action, (3) the nid_acl parameter in a Folder Properties action, or (4) the uid parameter in a Modify User action to command.php; or (5) the target parameter to index.php, different vectors than CVE-2006-3320.
Affected products
n/a · n/a
Public PoCs found: 3
exploitdb www.exploit-db.com/exploits/30686 unverified
exploitdb www.exploit-db.com/exploits/30685 unverified
exploitdb www.exploit-db.com/exploits/30684 unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://osvdb.org/41355
http://osvdb.org/41356
http://osvdb.org/41357
http://osvdb.org/41358
http://osvdb.org/41359
http://secunia.com/advisories/27503
http://secunia.com/advisories/28008
http://securityreason.com/securityalert/3318
http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup
http://www.debian.org/security/2007/dsa-1423
http://www.gentoo.org/security/en/glsa/glsa-200711-05.xml
http://www.securityfocus.com/archive/1/482499/100/0/threaded