Vulnerabilities > CVE-2007-2532 - Cross-Site Scripting vulnerability in Obie Website Mini web Shop 2

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

obie-website

exploit available

NVD

Published: 2007-05-09

Updated: 2018-10-16

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) to (1) sendmail.php or (2) order_form.php, different vectors than CVE-2006-6734.

Vulnerable Configurations

Part	Description	Count
Application	Obie_Website Obie Website Mini WEB Shop 2	1

Exploit-Db

description	ObieWebsite Mini Web Shop 2 order_form.php PATH_INFO Parameter XSS. CVE-2007-2532. Webapps exploit for php platform
id	EDB-ID:29956
last seen	2016-02-03
modified	2007-05-02
published	2007-05-02
reporter	CorryL
source	https://www.exploit-db.com/download/29956/
title	ObieWebsite Mini Web Shop 2 order_form.php PATH_INFO Parameter XSS

description	ObieWebsite Mini Web Shop 2 sendmail.php PATH_INFO Parameter XSS. CVE-2007-2532. Webapps exploit for php platform
id	EDB-ID:29957
last seen	2016-02-03
modified	2007-05-02
published	2007-05-02
reporter	CorryL
source	https://www.exploit-db.com/download/29957/
title	ObieWebsite Mini Web Shop 2 sendmail.php PATH_INFO Parameter XSS

Summary

Vulnerable Configurations

Exploit-Db

References