CVE-2007-2300

Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php.

Link	Resource
http://www.securityfocus.com/bid/23448	Exploit
http://www.osvdb.org/35365
http://www.osvdb.org/35366
http://www.osvdb.org/35367
http://securityreason.com/securityalert/2643
https://exchange.xforce.ibmcloud.com/vulnerabilities/33641
http://www.securityfocus.com/archive/1/465545/100/0/threaded

Configuration 1

cpe:2.3:a:surat_kabar:phpwebnews:0.1:*:*:*:*:*:*:* cpe:2.3:a:surat_kabar:phpwebnews:0.2:*:*:*:*:*:*:*

---

Published : 2007-04-26 09:19

Updated : 2018-10-16 04:43

---

NVD link : CVE-2007-2300

Mitre link : CVE-2007-2300

No products.

NVD-CWE-Other