CVE-2007-2732
Published 2007-05-16
Priority P425 · medium · 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 4.10% (89.5th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter to view/search/; or the (2) companyname, (3) country, (4) email, (5) firstname, (6) middlename, (7) required, (8) surname, or (9) title parameter to view/supplynews/.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jetbox | jetbox_cms | — | — |
No detection rules found.
Exploit-DB
Jetbox CMS 2.1 - view/supplynews Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2007-05-15
---
source: https://www.securityfocus.com/bid/23999/info
Jetbox CMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.
Jetbox CMS 2.1 is vulnerable.
http://www.example.com/jetbox/index.php/view/supplynews/?companyname=[xss]
http://www.example.com/jetbox/index.php/view/supplynews/?companyname=1&country=[xss]
http://www.example.com/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=[xss]
http://www.example.com/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=1&firstname=[xss]
http://www.ex
Exploit-DB
Jetbox CMS 2.1 - '/view/search/?path' Cross-Site Scripting
exploitdb·2007-05-15
---
source: https://www.securityfocus.com/bid/23999/info
Jetbox CMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.
Jetbox CMS 2.1 is vulnerable.
http://www.example.com/jetbox/index.php/view/search/?path=[xss]
No writeups or analysis indexed.
http://osvdb.org/37451
http://osvdb.org/37452
http://securityreason.com/securityalert/2711
http://www.securityfocus.com/archive/1/468681/100/0/threaded
http://www.securityfocus.com/bid/23999
http://www.vupen.com/english/advisories/2007/1831