CVE Vulnerability

CVE-2007-6270

Multiple cross-site scripting (XSS) vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) rmore parameter to xlaabsolutenm.aspx and the (2) template parameter to pages/default.aspx.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://marc.info/?l=bugtraq&m=119678724111351&w=2
http://www.procheckup.com/Vulnerability_PR07-39.php
http://www.xigla.com/news/default.aspx
http://www.securityfocus.com/bid/26692 Exploit Patch
http://secunia.com/advisories/27923 Vendor Advisory
http://osvdb.org/40577
http://osvdb.org/40578
https://exchange.xforce.ibmcloud.com/vulnerabilities/38873
https://exchange.xforce.ibmcloud.com/vulnerabilities/38872
Configurations

Configuration 1

cpe:2.3:a:xigla:absolute_news_manager.net:5.1:*:*:*:*:*:*:*
Information

Published : 2007-12-07 11:46

Updated : 2017-08-08 01:29

NVD link : CVE-2007-6270

Mitre link : CVE-2007-6270

Products Affected
No products.
CWE
CWE-79