5 matches found
Design/Logic Flaw
The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklistedit.asp...
CVE-2007-3018
CVE-2007-3018 concerns activeWeb contentserver CMS prior to 5.6.2964, where editors with restricted accounts could create files in arbitrary directories. This is a permission settings flaw in the CMS editor interface, allowing creation of new documents outside permitted folders. The fixed version...
CVE-2007-3017
The CVE-2007-3017 issue affects the activeWeb contentserver CMS (WYSIWYG editor applet). The root cause is insufficient server-side filtering of article content, where malicious tags bypass client-side protections and enable JavaScript injection via a POST to admin/worklist/worklist_edit.asp afte...
Re: [Full-disclosure] ActiveWeb Contentserver CMS Multiple Cross Site Scriptings
Didn't find this in your list. Works for their online demo site, not sure if it works in actual deployment -...
[Full-disclosure] ActiveWeb Contentserver CMS Editor Permission Settings Problem
Advisory: ActiveWeb Contentserver CMS Editor Permission Settings Problem RedTeam Pentesting discovered a problem with the permission settings in the management interface of the activeWeb contentserver CMS during a penetration test. The ability of an editor to create and edit documents can be...