Vulnerabilities > CVE-2007-4115 - Cross-Site Scripting vulnerability in Itcms 0.2

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
itcms
exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in IT!CMS (itcms) 0.2 allow remote attackers to inject arbitrary web script or HTML via the wndtitle parameter to (1) lang-en.php, (2) menu-ed.php, or (3) titletext-ed.php.

Vulnerable Configurations

Part Description Count
Application
Itcms
1

Exploit-Db

  • descriptionIT!CMS 0.2 titletext-ed.php wndtitle Parameter XSS. CVE-2007-4115. Webapps exploit for php platform
    idEDB-ID:30435
    last seen2016-02-03
    modified2007-07-30
    published2007-07-30
    reporterAria-Security Team
    sourcehttps://www.exploit-db.com/download/30435/
    titleIT!CMS 0.2 titletext-ed.php wndtitle Parameter XSS
  • descriptionIT!CMS 0.2 lang-en.php wndtitle Parameter XSS. CVE-2007-4115. Webapps exploit for php platform
    idEDB-ID:30433
    last seen2016-02-03
    modified2007-07-30
    published2007-07-30
    reporterAria-Security Team
    sourcehttps://www.exploit-db.com/download/30433/
    titleIT!CMS 0.2 lang-en.php wndtitle Parameter XSS
  • descriptionIT!CMS 0.2 menu-ed.php wndtitle Parameter XSS. CVE-2007-4115. Webapps exploit for php platform
    idEDB-ID:30434
    last seen2016-02-03
    modified2007-07-30
    published2007-07-30
    reporterAria-Security Team
    sourcehttps://www.exploit-db.com/download/30434/
    titleIT!CMS 0.2 menu-ed.php wndtitle Parameter XSS