Vulnerabilities > CVE-2007-0973 - Cross-Site Scripting vulnerability in Jupiter CMS Jupiter CMS 1.1.5

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

jupiter-cms

NVD

Published: 2007-02-16

Updated: 2018-10-16

Summary

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Jupiter CMS 1.1.5 allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header and certain other HTTP headers, which are displayed without proper sanitization when an administrator performs a Logged Guest action.

Vulnerable Configurations

Part	Description	Count
Application	Jupiter_Cms Jupiter CMS Jupiter CMS 1.1.5	1

References

http://mgsdl.free.fr/advisories/12070214.txt
http://osvdb.org/33729
http://www.acid-root.new.fr/advisories/12070214.txt
http://www.securityfocus.com/archive/1/460076/100/0/threaded
http://www.securityfocus.com/archive/1/460100/100/0/threaded
http://www.securityfocus.com/bid/22560
https://exchange.xforce.ibmcloud.com/vulnerabilities/32518