ID OSVDB:38828 Type osvdb Reporter lammat() Modified 2007-11-26T00:00:00
Description
Vulnerability Description
JAF CMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'print' variable upon submission to the 'print.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
{"bulletinFamily": "software", "viewCount": 0, "reporter": "lammat()", "references": [], "description": "## Vulnerability Description\nJAF CMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'print' variable upon submission to the 'print.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nJAF CMS print.php print Variable XSS\n## References:\n[Secunia Advisory ID:27807](https://secuniaresearch.flexerasoftware.com/advisories/27807/)\n[Related OSVDB ID: 38827](https://vulners.com/osvdb/OSVDB:38827)\nISS X-Force ID: 38637\n[CVE-2007-6142](https://vulners.com/cve/CVE-2007-6142)\nBugtraq ID: 26581\n", "affectedSoftware": [], "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "6ab008c781bf5a46c5760b1b7b8d1c67"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "78710c1c72b9d48a4e6f2a2be5989d67"}, {"key": "href", "hash": "72261b8d4bfa50896753dc8acf12017f"}, {"key": "modified", "hash": "f1b1aafb4c2ee25b4bc077f255f507f6"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "f1b1aafb4c2ee25b4bc077f255f507f6"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "3fb77ed0d14cf17ae637f3af0d5d1413"}, {"key": "title", "hash": "d247514ccc2f48f18f25ae6642153146"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "href": "https://vulners.com/osvdb/OSVDB:38828", "modified": "2007-11-26T00:00:00", "objectVersion": "1.2", "enchantments": {"score": {"value": 4.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-6142"]}, {"type": "osvdb", "idList": ["OSVDB:38827"]}], "modified": "2017-04-28T13:20:34"}, "vulnersScore": 4.3}, "id": "OSVDB:38828", "title": "JAF CMS print.php print Variable XSS", "hash": "2cf7b95d58f0c081e6046b80c47e1c3f85747bc6be0898295ac6950b8588d9d5", "edition": 1, "published": "2007-11-26T00:00:00", "type": "osvdb", "history": [], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "cvelist": ["CVE-2007-6142"], "lastseen": "2017-04-28T13:20:34"}
{"cve": [{"lastseen": "2017-07-29T11:22:22", "bulletinFamily": "NVD", "description": "Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) show parameter to index.php and the (2) print parameter to print.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.", "modified": "2017-07-28T21:34:02", "published": "2007-11-27T14:46:00", "id": "CVE-2007-6142", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6142", "title": "CVE-2007-6142", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:34", "bulletinFamily": "software", "description": "## Vulnerability Description\nJAF CMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'show' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nJAF CMS index.php show Variable XSS\n## References:\n[Secunia Advisory ID:27807](https://secuniaresearch.flexerasoftware.com/advisories/27807/)\n[Related OSVDB ID: 38828](https://vulners.com/osvdb/OSVDB:38828)\nISS X-Force ID: 38637\n[CVE-2007-6142](https://vulners.com/cve/CVE-2007-6142)\nBugtraq ID: 26581\n", "modified": "2007-11-26T00:00:00", "published": "2007-11-26T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:38827", "id": "OSVDB:38827", "title": "JAF CMS index.php show Variable XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}
