ID CVE-2007-5251Type cveReporter cve@mitre.orgModified 2017-07-29T01:33:00
Description
Multiple cross-site scripting (XSS) vulnerabilities in Helm 3.2.16 allow remote attackers to inject arbitrary web script or HTML via (1) the showOption parameter to domain.asp, or the (2) Folder or (3) StartPath parameter to FileManager.asp.
{"id": "CVE-2007-5251", "bulletinFamily": "NVD", "title": "CVE-2007-5251", "description": "Multiple cross-site scripting (XSS) vulnerabilities in Helm 3.2.16 allow remote attackers to inject arbitrary web script or HTML via (1) the showOption parameter to domain.asp, or the (2) Folder or (3) StartPath parameter to FileManager.asp.", "published": "2007-10-06T17:17:00", "modified": "2017-07-29T01:33:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5251", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/25940", "http://pridels-team.blogspot.com/2007/10/helm-xss-vuln.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/36962", "http://secunia.com/advisories/27080"], "cvelist": ["CVE-2007-5251"], "type": "cve", "lastseen": "2019-05-29T18:09:01", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "3060d0da67ffee6d4e280fca40eac476"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "460c69d1abed2a15b4fcd07415583b0a"}, {"key": "cpe23", "hash": "be17c3c11504d1008602d59ba5ec734f"}, {"key": "cvelist", "hash": "3dbee0951300dbf91dea0315db7f7ec1"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "25131d66a9f3961140b068f4b41aa42b"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "af0af2f5bbde88e770c1690312b27188"}, {"key": "description", "hash": "927c6dbbe3b772020cd9bb71a4008bff"}, {"key": "href", "hash": "02a4af414c60dd227f9a79561c1dd6e1"}, {"key": "modified", "hash": "655503c7ae2620a40902061b8dea8781"}, {"key": "published", "hash": "86b918b37764d65f9af5ac580769a420"}, {"key": "references", "hash": "5510041551314fda08b48de0e90a3842"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "ecffc987a9bbf7ffb98811b18a5d2f54"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "addde45cbef8004b556b939f763c3fa053d6f83181c5af00038a47c6005affd7", "viewCount": 0, "enchantments": {"score": {"value": 4.6, "vector": "NONE", "modified": "2019-05-29T18:09:01"}, "dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:37461", "OSVDB:37462"]}], "modified": "2019-05-29T18:09:01"}, "vulnersScore": 4.6}, "objectVersion": "1.3", "cpe": ["cpe:/a:webhost_automation:helm_web_hosting_control_panel:3.2.16"], "affectedSoftware": [{"name": "webhost_automation helm_web_hosting_control_panel", "operator": "eq", "version": "3.2.16"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "cpe23": ["cpe:2.3:a:webhost_automation:helm_web_hosting_control_panel:3.2.16:*:*:*:*:*:*:*"], "cwe": ["CWE-352"]}
{"osvdb": [{"lastseen": "2017-04-28T13:20:33", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.webhostautomation.com\n[Secunia Advisory ID:27080](https://secuniaresearch.flexerasoftware.com/advisories/27080/)\n[Related OSVDB ID: 37462](https://vulners.com/osvdb/OSVDB:37462)\nOther Advisory URL: http://pridels-team.blogspot.com/2007/10/helm-xss-vuln.html\nISS X-Force ID: 36962\n[CVE-2007-5251](https://vulners.com/cve/CVE-2007-5251)\nBugtraq ID: 25940\n", "modified": "2007-10-04T00:00:00", "published": "2007-10-04T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:37461", "id": "OSVDB:37461", "title": "Helm Web Hosting Control Panel interfaces/standard/domain.asp showOption Variable XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:33", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.webhostautomation.com\n[Secunia Advisory ID:27080](https://secuniaresearch.flexerasoftware.com/advisories/27080/)\n[Related OSVDB ID: 37461](https://vulners.com/osvdb/OSVDB:37461)\nOther Advisory URL: http://pridels-team.blogspot.com/2007/10/helm-xss-vuln.html\nISS X-Force ID: 36962\n[CVE-2007-5251](https://vulners.com/cve/CVE-2007-5251)\nBugtraq ID: 25940\n", "modified": "2007-10-04T00:00:00", "published": "2007-10-04T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:37462", "id": "OSVDB:37462", "title": "Helm Web Hosting Control Panel interfaces/standard/FileManager.asp Multiple Variable XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}
