PT-2007-4412 · Utopia · Utopia News Pro

Published

2007-06-19

Updated

2018-10-16

CVE-2007-3129

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Utopia News Pro version 1.4.0

Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the password parameter in the login.php file.

Recommendations: For Utopia News Pro version 1.4.0, consider restricting access to the login.php file until a patch is available, and avoid using the password parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-3129

Affected Products

Utopia News Pro

PT-2007-4412 · Utopia · Utopia News Pro

CVE-2007-3129

Related Identifiers

Affected Products

References · 10