CVE-2007-5235
published 2007-10-06CVE-2007-5235: Cross-site scripting (XSS) vulnerability in index.php in Uebimiau 2.7.2 through 2.7.10 allows remote attackers to inject arbitrary web script or HTML via the…
PriorityP417medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.21%
64.6th percentile
Cross-site scripting (XSS) vulnerability in index.php in Uebimiau 2.7.2 through 2.7.10 allows remote attackers to inject arbitrary web script or HTML via the f_email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| uebimiau | uebimiau | — | — |
| uebimiau | uebimiau | — | — |
| uebimiau | uebimiau | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Uebimiau Webmail 2.7.2 - Multiple Vulnerabilities
exploitdb·2010-03-27
CVE-2007-5235 Uebimiau Webmail 2.7.2 - Multiple Vulnerabilities
Uebimiau Webmail 2.7.2 - Multiple Vulnerabilities
---
# Exploit Title: Uebimiau Webmail | www.DigitalWhisper.co.il
# Software Link: http://www.uebimiau.org/
# Version: <= 2.7.2
# Tested on: PHP
#
##[Cross Site Scripting]
Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it. (OWASP)
#
http://[SERVER]/webmail/index.php?lid=en_US&tid=clean
Exploit-DB
Uebimiau Webmail 2.7.x - 'index.php' Cross-Site Scripting
exploitdb·2007-10-03
CVE-2007-5235 Uebimiau Webmail 2.7.x - 'index.php' Cross-Site Scripting
Uebimiau Webmail 2.7.x - 'index.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/25912/info
UebiMiau is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/index.php?lid=de&tid=modern_blue&f_user=&six=&f_email=[XSS]
No writeups or analysis indexed.
2007-10-06
Published