Vulnerabilities > CVE-2007-0266 - Cross-Site Scripting vulnerability in Ezboxx Portal System Beta0.7.6

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

ezboxx

NVD

Published: 2007-01-16

Updated: 2018-10-16

Summary

SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the iid parameter.

Vulnerable Configurations

Part	Description	Count
Application	Ezboxx Ezboxx Ezboxx Portal System Beta_0.7.6	1

References

http://osvdb.org/32825
http://osvdb.org/33466
http://secunia.com/advisories/23759
http://www.bugsec.com/articles.php?Security=20
http://www.securityfocus.com/archive/1/456699/100/0/threaded
http://www.vupen.com/english/advisories/2007/0208