Vulnerabilities > CVE-2007-2686 - Cross-Site Scripting vulnerability in Jetbox CMS 2.1

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
jetbox
exploit available

Summary

Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in a sendpwd task.

Vulnerable Configurations

Part Description Count
Application
Jetbox
1

Exploit-Db

descriptionJetbox CMS 2.1 Login Variable Cross Site Scripting Vulnerability. CVE-2007-2686. Webapps exploit for php platform
idEDB-ID:30068
last seen2016-02-03
modified2007-05-22
published2007-05-22
reporterJesper Jurcenoks
sourcehttps://www.exploit-db.com/download/30068/
titleJetbox CMS 2.1 Login Variable Cross-Site Scripting Vulnerability

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/56907/jetboxcms21-xss.txt
idPACKETSTORM:56907
last seen2016-12-05
published2007-05-23
reporterJesper Jurcenoks
sourcehttps://packetstormsecurity.com/files/56907/jetboxcms21-xss.txt.html
titlejetboxcms21-xss.txt