Vulnerabilities > CVE-2007-0552 - Cross-Site Scripting vulnerability in OH NO NOT Another CMS OH NO NOT Another CMS 0.0.8.4
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL network
oh-no-not-another-cms
Summary
Cross-site scripting (XSS) vulnerability in install/default/error404.html in Oh no! Not another CMS (Onnac) 0.0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the error_url parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://onnac.svn.sourceforge.net/viewvc/onnac/trunk/install/default/error404.html?view=log
- http://osvdb.org/36811
- http://sourceforge.net/forum/forum.php?forum_id=655260
- http://www.securityfocus.com/bid/22256
- http://www.vupen.com/english/advisories/2007/0347
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31795