Vulnerabilities > CVE-2007-2532 - Cross-Site Scripting vulnerability in Obie Website Mini web Shop 2
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) to (1) sendmail.php or (2) order_form.php, different vectors than CVE-2006-6734.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description ObieWebsite Mini Web Shop 2 order_form.php PATH_INFO Parameter XSS. CVE-2007-2532. Webapps exploit for php platform id EDB-ID:29956 last seen 2016-02-03 modified 2007-05-02 published 2007-05-02 reporter CorryL source https://www.exploit-db.com/download/29956/ title ObieWebsite Mini Web Shop 2 order_form.php PATH_INFO Parameter XSS description ObieWebsite Mini Web Shop 2 sendmail.php PATH_INFO Parameter XSS. CVE-2007-2532. Webapps exploit for php platform id EDB-ID:29957 last seen 2016-02-03 modified 2007-05-02 published 2007-05-02 reporter CorryL source https://www.exploit-db.com/download/29957/ title ObieWebsite Mini Web Shop 2 sendmail.php PATH_INFO Parameter XSS