PT-2007-2669 · Built2Go · Built2Go News Manager Blog

The_3Dit0R · Published 2007-03-03 · Updated 2018-10-16 · CVE-2007-1248

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: built2go News Manager Blog version 1.0

Description: The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the cid, uid, and nid parameters to "news.php", and the nid parameter to "rating.php".

Recommendations: For built2go News Manager Blog version 1.0, consider restricting access to the "news.php" and "rating.php" endpoints until a fix is available. As a temporary workaround, avoid using the cid, uid, and nid parameters in the affected API endpoints.

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2007-1248

Affected products

Built2Go News Manager Blog