Vulnerabilities > CVE-2007-2732 - Cross-Site Scripting vulnerability in Jetbox CMS 2.1

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
jetbox
exploit available
NVD
Published: 2007-05-16
Updated: 2018-10-16

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter to view/search/; or the (2) companyname, (3) country, (4) email, (5) firstname, (6) middlename, (7) required, (8) surname, or (9) title parameter to view/supplynews/.

Vulnerable Configurations

Part Description Count
Application
Jetbox
1

Exploit-Db

  • descriptionJetbox CMS 2.1 view/search/ path Parameter XSS. CVE-2007-2732. Webapps exploit for php platform
    idEDB-ID:30041
    last seen2016-02-03
    modified2007-05-15
    published2007-05-15
    reporterMikhail Markin
    sourcehttps://www.exploit-db.com/download/30041/
    titleJetbox CMS 2.1 - view/search/ path Parameter XSS
  • descriptionJetbox CMS 2.1 view/supplynews/ Multiple Parameter XSS. CVE-2007-2732. Webapps exploit for php platform
    idEDB-ID:30042
    last seen2016-02-03
    modified2007-05-15
    published2007-05-15
    reporterMikhail Markin
    sourcehttps://www.exploit-db.com/download/30042/
    titleJetbox CMS 2.1 - view/supplynews Multiple Parameter XSS

References