PT-2007-2289 · Otscms · Open Tibia Server Cms

Gregstar

Published

2007-02-08

Updated

2017-10-19

CVE-2007-0846

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Open Tibia Server CMS (OTSCMS) versions 2.1.5 and earlier

Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary HTML or web script via the name parameter in the "forum.php" file.

Recommendations: For Open Tibia Server CMS (OTSCMS) versions 2.1.5 and earlier, avoid using the name parameter in the "forum.php" file until a fix is available. As a temporary workaround, consider restricting access to the "forum.php" file to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-0846

Affected Products

Open Tibia Server Cms

PT-2007-2289 · Otscms · Open Tibia Server Cms

CVE-2007-0846

Related Identifiers

Affected Products

References · 6