CVE-2007-6367

2007-12-1501:00:00

mitre

www.cve.org

5.6 Medium

AI Score

Confidence

High

0.022 Low

EPSS

Percentile

89.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the guestbook in SineCMS 2.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username (user) or (2) comment (commento) field, different vectors than CVE-2007-2357.

References

secunia.com/advisories/27949

securityreason.com/securityalert/3444

www.securityfocus.com/archive/1/484648/100/0/threaded

www.securityfocus.com/archive/1/485267/100/200/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/38893

www.exploit-db.com/exploits/4693