PT-2007-6222 · Simpgb · Simpgb
Published
2007-09-27
·
Updated
2018-10-15
·
CVE-2007-5127
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
SimpGB version 1.46.02
Description
The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the
l username parameter to the default URI under "admin/" or the l emoticonlist parameter to "admin/emoticonlist.php".Recommendations
For SimpGB version 1.46.02, avoid using the
l username and l emoticonlist parameters in the affected API endpoints until the issue is resolved. Restrict access to the "admin/" directory and "admin/emoticonlist.php" to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Simpgb