CVE-2007-3017 - Unspecified vulnerability in Activeweb Contentserver

CVSS 4.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
network, low complexity, activeweb, exploit available

Summary

The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklist_edit.asp.

Vulnerable Configurations

Part         Description  Count
Application  Activeweb    1

Exploit-Db

description: ActiveWeb Contentserver 5.6.2929 CMS Client Side Filtering Bypass Vulnerability. CVE-2007-3017. Webapps exploit for php platform
id: EDB-ID:30299
last seen: 2016-02-03
modified: 2007-07-13
published: 2007-07-13
reporter: RedTeam Pentesting
source: https://www.exploit-db.com/download/30299/
title: ActiveWeb Contentserver 5.6.2929 CMS Client Side Filtering Bypass Vulnerability