CVE Vulnerability

CVE-2007-3137

Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sbl, (2) sbr, or (3) search parameter. NOTE: the original disclosure claims the pageid parameter in index.php is affected, but this is incorrect.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://www.securityfocus.com/bid/24365 Exploit
http://secunia.com/advisories/25583 Vendor Advisory
http://securityreason.com/securityalert/2789
http://osvdb.org/37144
https://exchange.xforce.ibmcloud.com/vulnerabilities/34763
http://www.securityfocus.com/archive/1/470758/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:webmaster_solutions:wmscms:2.0:*:*:*:*:*:*:*
Information

Published : 2007-06-08 04:30

Updated : 2018-10-16 04:47

NVD link : CVE-2007-3137

Mitre link : CVE-2007-3137

Products Affected
No products.
CWE
CWE-79