2 matches found
CVE-2007-3017
The CVE-2007-3017 issue affects the activeWeb contentserver CMS (WYSIWYG editor applet). The root cause is insufficient server-side filtering of article content, where malicious tags bypass client-side protections and enable JavaScript injection via a POST to admin/worklist/worklist_edit.asp afte...
[Full-disclosure] ActiveWeb Contentserver CMS Clientside Filtering of Page Editor Content
Advisory: ActiveWeb Contentserver CMS Clientside Filtering of Page Editor Content RedTeam Pentesting discovered a design vulnerability in the page editor of the activeWeb contentserver CMS during a penetration test. Filtering of user content, e.g. to prevent the usage of Javascript code, is done ...