Description:
Cross site scripting describes attacks that allow to insert malicious
html or javascript code via get or post forms. This can be used to steal
session cookies.
toendacms is a content management system. The search function can be used
to inject javascript code.
Workaround/Fix:
There's no vendor fix.
Vendor has been contacted 2007-03-11 and replied that they were working on
the issue.
CVE Information:
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2007-1872 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.
Credits and copyright:
This vulnerability was discovered by Hanno Boeck of schokokeks.org
webhosting.
It's licensed creative commons attribution:
http://creativecommons.org/licenses/by/3.0/
Hanno Boeck, 2007-04-12, http://www.hboeck.de
{"id": "SECURITYVULNS:DOC:16682", "bulletinFamily": "software", "title": "CVE-2007-1872: Cross site scripting in toendaCMS 1.5.3", "description": "Cross site scripting in toendaCMS 1.5.3\r\n\r\nsecurity advisory\r\n\r\nReferences:\r\n http://www.toendacms.com/\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1872\r\n\r\nDescription:\r\n Cross site scripting describes attacks that allow to insert malicious\r\n html or javascript code via get or post forms. This can be used to steal\r\n session cookies.\r\n toendacms is a content management system. The search function can be used\r\n to inject javascript code.\r\n\r\nWorkaround/Fix:\r\n There's no vendor fix.\r\n Vendor has been contacted 2007-03-11 and replied that they were working on\r\n the issue.\r\n\r\nSample Code:\r\n <form action="http://toendainstallation/" method="post">\r\n <input type="hidden" name="searchword" value='"><script>alert(1)</script>'>\r\n <input type="hidden" name="id" value="search">\r\n <input type="submit"></form>\r\n\r\nCVE Information:\r\n The Common Vulnerabilities and Exposures (CVE) project has assigned the\r\n name CVE-2007-1872 to this issue. This is a candidate for inclusion in\r\n the CVE list (http://cve.mitre.org/), which standardizes names for\r\n security problems.\r\n\r\nCredits and copyright:\r\n This vulnerability was discovered by Hanno Boeck of schokokeks.org\r\n webhosting.\r\n It's licensed creative commons attribution:\r\n http://creativecommons.org/licenses/by/3.0/\r\n\r\n Hanno Boeck, 2007-04-12, http://www.hboeck.de", "published": "2007-04-12T00:00:00", "modified": "2007-04-12T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:16682", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2007-1872"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:21", "edition": 1, "viewCount": 13, "enchantments": {"score": {"value": 6.0, "vector": "NONE", "modified": "2018-08-31T11:10:21", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-1872"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:55889"]}, {"type": "exploitdb", "idList": ["EDB-ID:29849"]}, {"type": "osvdb", "idList": ["OSVDB:34898"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7570"]}], "modified": "2018-08-31T11:10:21", "rev": 2}, "vulnersScore": 6.0}, "affectedSoftware": []}
{"cve": [{"lastseen": "2021-02-02T05:31:22", "description": "Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search id.", "edition": 4, "cvss3": {}, "published": "2007-04-13T18:19:00", "title": "CVE-2007-1872", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1872"], "modified": "2018-10-16T16:41:00", "cpe": ["cpe:/a:toenda_software_development:toendacms:1.5.3"], "id": "CVE-2007-1872", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1872", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:toenda_software_development:toendacms:1.5.3:*:*:*:*:*:*:*"]}], "packetstorm": [{"lastseen": "2016-12-05T22:19:05", "description": "", "published": "2007-04-12T00:00:00", "type": "packetstorm", "title": "CVE-2007-1872.txt", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-1872"], "modified": "2007-04-12T00:00:00", "id": "PACKETSTORM:55889", "href": "https://packetstormsecurity.com/files/55889/CVE-2007-1872.txt.html", "sourceData": "`Cross site scripting in toendaCMS 1.5.3 \n \nsecurity advisory \n \nReferences: \nhttp://www.toendacms.com/ \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1872 \n \nDescription: \nCross site scripting describes attacks that allow to insert malicious \nhtml or javascript code via get or post forms. This can be used to steal \nsession cookies. \ntoendacms is a content management system. The search function can be used \nto inject javascript code. \n \nWorkaround/Fix: \nThere's no vendor fix. \nVendor has been contacted 2007-03-11 and replied that they were working on \nthe issue. \n \nSample Code: \n<form action=\"http://toendainstallation/\" method=\"post\"> \n<input type=\"hidden\" name=\"searchword\" value='\"><script>alert(1)</script>'> \n<input type=\"hidden\" name=\"id\" value=\"search\"> \n<input type=\"submit\"></form> \n \nCVE Information: \nThe Common Vulnerabilities and Exposures (CVE) project has assigned the \nname CVE-2007-1872 to this issue. This is a candidate for inclusion in \nthe CVE list (http://cve.mitre.org/), which standardizes names for \nsecurity problems. \n \nCredits and copyright: \nThis vulnerability was discovered by Hanno Boeck of schokokeks.org \nwebhosting. \nIt's licensed creative commons attribution: \nhttp://creativecommons.org/licenses/by/3.0/ \n \nHanno Boeck, 2007-04-12, http://www.hboeck.de \n`\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/55889/CVE-2007-1872.txt"}], "osvdb": [{"lastseen": "2017-04-28T13:20:31", "bulletinFamily": "software", "cvelist": ["CVE-2007-1872"], "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:24869](https://secuniaresearch.flexerasoftware.com/advisories/24869/)\nOther Advisory URL: http://int21.de/cve/CVE-2007-1872-toendacms.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0188.html\nISS X-Force ID: 33622\nFrSIRT Advisory: ADV-2007-1372\n[CVE-2007-1872](https://vulners.com/cve/CVE-2007-1872)\nBugtraq ID: 23453\n", "edition": 1, "modified": "2007-04-11T06:48:54", "published": "2007-04-11T06:48:54", "href": "https://vulners.com/osvdb/OSVDB:34898", "id": "OSVDB:34898", "title": "toendaCMS Search ID searchword Variable XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "exploitdb": [{"lastseen": "2016-02-03T11:15:29", "description": "ToendaCMS 1.5.3 HTTP Get And Post Forms HTML Injection Vulnerability. CVE-2007-1872 . Webapps exploit for php platform", "published": "2007-04-12T00:00:00", "type": "exploitdb", "title": "ToendaCMS 1.5.3 HTTP Get And Post Forms HTML Injection Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-1872"], "modified": "2007-04-12T00:00:00", "id": "EDB-ID:29849", "href": "https://www.exploit-db.com/exploits/29849/", "sourceData": "source: http://www.securityfocus.com/bid/23453/info\r\n\r\nToendaCMS is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input.\r\n\r\nAttacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.\r\n\r\nThis issue affects ToendaCMS 1.5.3; other versions may also be affected. \r\n\r\n<form action=\"http://toendainstallation/\" method=\"post\">\r\n <input type=\"hidden\" name=\"searchword\" value='\"><script>alert(1)</script>'>\r\n <input type=\"hidden\" name=\"id\" value=\"search\">\r\n <input type=\"submit\"></form>\r\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/29849/"}], "securityvulns": [{"lastseen": "2018-08-31T11:09:25", "bulletinFamily": "software", "cvelist": ["CVE-2007-1932", "CVE-2007-1906", "CVE-2007-1936", "CVE-2007-1929", "CVE-2007-1939", "CVE-2007-2025", "CVE-2007-1968", "CVE-2007-1931", "CVE-2007-1938", "CVE-2007-1928", "CVE-2007-1925", "CVE-2007-1871", "CVE-2007-1998", "CVE-2007-1969", "CVE-2007-1933", "CVE-2007-1920", "CVE-2007-1930", "CVE-2007-1909", "CVE-2007-1908", "CVE-2007-2024", "CVE-2007-1935", "CVE-2007-1872"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "modified": "2007-04-12T00:00:00", "published": "2007-04-12T00:00:00", "id": "SECURITYVULNS:VULN:7570", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7570", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}]}
