Cross site scripting

2007-12-1501:46:00

PRIOn knowledge base

www.prio-n.com

5.8 Medium

AI Score

Confidence

High

0.022 Low

EPSS

Percentile

89.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the guestbook in SineCMS 2.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username (user) or (2) comment (commento) field, different vectors than CVE-2007-2357.

CPENameOperatorVersion
sinecmsle2.3.4

CPE	Name	Operator	Version
	sinecms	le	2.3.4

References

secunia.com/advisories/27949

securityreason.com/securityalert/3444

www.securityfocus.com/archive/1/484648/100/0/threaded

www.securityfocus.com/archive/1/485267/100/200/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/38893

www.exploit-db.com/exploits/4693