CVE-2007-3017 - Unspecified vulnerability in Activeweb Contentserver
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |

activeweb
exploit available
Summary
The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklist_edit.asp.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | ActiveWeb Contentserver 5.6.2929 CMS Client Side Filtering Bypass Vulnerability. CVE-2007-3017. Webapps exploit for php platform |
id | EDB-ID:30299 |
last seen | 2016-02-03 |
modified | 2007-07-13 |
published | 2007-07-13 |
reporter | RedTeam Pentesting |
source | https://www.exploit-db.com/download/30299/ |
title | ActiveWeb Contentserver 5.6.2929 CMS Client Side Filtering Bypass Vulnerability |
References
- http://osvdb.org/39745
- http://secunia.com/advisories/26063
- http://securityreason.com/securityalert/2900
- http://www.redteam-pentesting.de/advisories/rt-sa-2007-006.php
- http://www.securityfocus.com/archive/1/473627/100/0/threaded
- http://www.securityfocus.com/bid/24898
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35399