PT-2007-2669 · Built2Go · Built2Go News Manager Blog

The_3Dit0R · Published 2007-03-03 · Updated 2018-10-16 · CVE-2007-1248

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

built2go News Manager Blog version 1.0

Description

The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the cid, uid, and nid parameters to "news.php", and the nid parameter to "rating.php".

Recommendations

For built2go News Manager Blog version 1.0, consider restricting access to the "news.php" and "rating.php" endpoints until a fix is available. As a temporary workaround, avoid using the cid, uid, and nid parameters in the affected API endpoints.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2007-1248

Affected Products

Built2Go News Manager Blog