Vulnerabilities > CVE-2007-2300 - Cross-Site Scripting vulnerability in Surat Kabar PHPwebnews 0.1/0.2

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
surat-kabar
exploit available
NVD
Published: 2007-04-26
Updated: 2018-10-16

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php.

Vulnerable Configurations

Part Description Count
Application
Surat_Kabar
2

Exploit-Db

  • descriptionphpwebnews 0.1 iklan.php m_txt Parameter XSS. CVE-2007-2300. Webapps exploit for php platform
    idEDB-ID:29845
    last seen2016-02-03
    modified2007-04-07
    published2007-04-07
    reporterthe_Edit0r
    sourcehttps://www.exploit-db.com/download/29845/
    titlephpwebnews 0.1 iklan.php m_txt Parameter XSS
  • descriptionphpwebnews 0.1 bukutamu.php m_txt Parameter XSS. CVE-2007-2300. Webapps exploit for php platform
    idEDB-ID:29847
    last seen2016-02-03
    modified2007-04-07
    published2007-04-07
    reporterthe_Edit0r
    sourcehttps://www.exploit-db.com/download/29847/
    titlephpwebnews 0.1 bukutamu.php m_txt Parameter XSS
  • descriptionphpwebnews 0.1 index.php m_txt Parameter XSS. CVE-2007-2300. Webapps exploit for php platform
    idEDB-ID:29846
    last seen2016-02-03
    modified2007-04-07
    published2007-04-07
    reporterthe_Edit0r
    sourcehttps://www.exploit-db.com/download/29846/
    titlephpwebnews 0.1 index.php m_txt Parameter XSS

References