PT-2007-4312 · Activeweb · Activeweb Contentserver Cms

Published: 2007-07-17 · Updated: 2018-10-16 · CVE-2007-3017

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: activeWeb contentserver CMS versions prior to 5.6.2964
Description: The issue concerns the WYSIWYG editor applet in activeWeb contentserver CMS, which inadequately filters malicious tags from articles. This allows remote authenticated users to inject arbitrary JavaScript code via a request to the "admin/worklist/worklist edit.asp" endpoint.
Recommendations: For versions prior to 5.6.2964, update to version 5.6.2964 or later to resolve the issue.


Related Identifiers

CVE-2007-3017

Affected Products

Activeweb Contentserver Cms