CVE-2007-1965
published 2007-04-11CVE-2007-1965: Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the…
PriorityP413medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.02%
59.1th percentile
Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| exv2 | content_management_system | <= 2.0.4.3 | — |
| exv2 | content_management_system | <= 2.0.5 | — |
| exv2 | exv2 | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-j4jf-g93f-79pj: Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2010-4155 [MEDIUM] CWE-79 GHSA-j4jf-g93f-79pj: Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2
Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) rssfeedURL parameter to manual/caferss/example.php and the sumb parameter to (2) modules/news/archive.php, (3) modules/news/topics.php, and (4) modules/contact/index.php, different vectors than CVE-2007-1965.
GHSA
GHSA-4ffq-cv3j-qm3q: Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2
ghsa_unreviewed·2022-05-01
CVE-2007-1965 [MEDIUM] GHSA-4ffq-cv3j-qm3q: Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2
Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php.
GHSA
GHSA-8j2f-wxx3-3hpg: Cross-site scripting (XSS) vulnerability in eXV2 CMS 2
ghsa_unreviewed·2022-05-01·CVSS 4.3
CVE-2007-4365 [MEDIUM] GHSA-8j2f-wxx3-3hpg: Cross-site scripting (XSS) vulnerability in eXV2 CMS 2
Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a set_lang cookie to an unspecified component. NOTE: this may overlap CVE-2007-1965.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2007-04-11
Published