CVE-2007-3017 - Unspecified vulnerability in Activeweb Contentserver
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | SINGLE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklist_edit.asp.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | ActiveWeb Contentserver 5.6.2929 CMS Client Side Filtering Bypass Vulnerability. CVE-2007-3017. Webapps exploit for php platform |
id | EDB-ID:30299 |
last seen | 2016-02-03 |
modified | 2007-07-13 |
published | 2007-07-13 |
reporter | RedTeam Pentesting |
source | https://www.exploit-db.com/download/30299/ |
title | ActiveWeb Contentserver 5.6.2929 CMS Client Side Filtering Bypass Vulnerability |
References
- http://osvdb.org/39745
- http://secunia.com/advisories/26063
- http://securityreason.com/securityalert/2900
- http://www.redteam-pentesting.de/advisories/rt-sa-2007-006.php
- http://www.securityfocus.com/archive/1/473627/100/0/threaded
- http://www.securityfocus.com/bid/24898
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35399