PT-2007-1737 · Ezboxx · Ezboxx Portal System

Published

2007-01-16

Updated

2018-10-16

CVE-2007-0265

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Ezboxx Portal System versions prior to 0.7.7

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to security breaches. This can be achieved via the pic parameter to "custom/piczoom.asp", the nocatname parameter to "boxx/user-upload.asp", or the iid parameter to "indexes/newscomments.asp".

Recommendations For Ezboxx Portal System versions prior to 0.7.7, update to version 0.7.7 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-0265

Affected Products

Ezboxx Portal System

PT-2007-1737 · Ezboxx · Ezboxx Portal System

CVE-2007-0265

Related Identifiers

Affected Products

References · 11