CVE-2007-3137
Published 2007-06-08
Priority P4 · 18 · medium · 4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.80% (75.8th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sbl, (2) sbr, or (3) search parameter. NOTE: the original disclosure claims the pageid parameter in index.php is affected, but this is incorrect.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| webmaster_solutions | wmscms | — | — |
| wmsdesign | wmscms | <= 2.0 | — |
GHSA
GHSA-wwqp-pxgc-w8wf: Multiple cross-site scripting (XSS) vulnerabilities in default
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2010-2316 [MEDIUM] CWE-79 GHSA-wwqp-pxgc-w8wf: Multiple cross-site scripting (XSS) vulnerabilities in default
Multiple cross-site scripting (XSS) vulnerabilities in default.asp in WmsCms 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) sbr, (3) p, and (4) sbl parameters, different vectors than CVE-2007-3137.
GHSA
GHSA-5qg9-jjv7-fhcw: Multiple cross-site scripting (XSS) vulnerabilities in 4print
ghsa_unreviewed·2022-05-01
CVE-2007-3137 [MEDIUM] CWE-79 GHSA-5qg9-jjv7-fhcw: Multiple cross-site scripting (XSS) vulnerabilities in 4print
Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sbl, (2) sbr, or (3) search parameter. NOTE: the original disclosure claims the pageid parameter in index.php is affected, but this is incorrect.
No detection rules found.
Exploit-DB
WmsCMS - Cross-Site Scripting / SQL Injection
exploitdb·2010-06-06
CVE-2010-2317 WmsCMS - Cross-Site Scripting / SQL Injection
---
# Title: XSS, SQL injection vulnerability in WmsCMS
# EDB-ID:
# CVE: ()
# OSVDB-ID: ()
# Author: Ariko-Security
# Published: 2010-06-05
============ { Ariko-Security - Advisory #1/6/2010 } =============
XSS, SQL injection vulnerability in WMSCMS
2007 Secunia Advisory SA25583 (only XSS 3 params)
Vendor's Description of Software:
# http://www.wmsdesign.net
Demo
# http://wmscms.com
Dork:
# n/a
Application Info:
# Name: WMSCMS
# ALL versions
Vulnerability Info:
# Type: XSS
# Type: SQL injection Vulnerability
Fix:
# N/A
Time Table:
# 10/05/2010 - Vendor notified.
Input passed via the "search","sbr","pid","sbl","FilePath" parameters to default.asp is not properly
sanitised before being used in a SQL query.
Input passed via the "sb
Exploit-DB
WMSCMS 2.0 - Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2007-06-07
CVE-2007-3137 WMSCMS 2.0 - Multiple Cross-Site Scripting Vulnerabilities
---
source: https://www.securityfocus.com/bid/24365/info
WmsCMS is prone to multiple cross-site scripting vulnerabilities because it fails to adequately sanitize user-supplied input data before rendering it in a user's browser.
Attackers could exploit these issues to steal cookie-based authentication credentials from legitimate users of the site; other attacks are also possible.
WmsCMS 2.0 is vulnerable; other versions may also be affected.
http://www.example.com/4print.asp?p=60&sbl=>">[XSS]
http://www.example.com/4print.asp?p=60&sbr=>">[XSS]
No writeups or analysis indexed.
http://osvdb.org/37144
http://secunia.com/advisories/25583
http://securityreason.com/securityalert/2789
http://www.securityfocus.com/archive/1/470758/100/0/threaded
http://www.securityfocus.com/bid/24365
https://exchange.xforce.ibmcloud.com/vulnerabilities/34763