CVE-2007-5692
Published: 2007-10-29
Priority P421, medium, CVSS 2.0 score 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 4.77% (90.8th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter to integrator.php; (2) the token parameter in a New Password action, (3) the nid_acl parameter in a Folder Properties action, or (4) the uid parameter in a Modify User action to command.php; or (5) the target parameter to index.php, different vectors than CVE-2006-3320.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sitebar | sitebar | — | — |
No detection rules found.
Exploit-DB
SiteBar 3.3.8 - 'integrator.php?lang' Cross-Site Scripting
exploitdb·2007-10-18
---
source: https://www.securityfocus.com/bid/26126/info
SiteBar is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input.
These issues include:
- A local file-include vulnerability
- Multiple arbitrary-script-code-execution vulnerabilities
- Multiple cross-site scripting vulnerabilities
- A URI-redirection vulnerability.
Exploiting these issues can allow attackers to access potentially sensitive information, to execute arbitrary script code in the context of the webserver process, to steal cookie-based authentication credentials, and to redirect users to malicious webpages.
SiteBar 3.3.8 and prior versions are vulnerable.
http://www.example.com/integrator.php?lang=">al
Exploit-DB
SiteBar 3.3.8 - 'index.php?target' Cross-Site Scripting
exploitdb·2007-10-18
---
source: https://www.securityfocus.com/bid/26126/info
SiteBar is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input.
These issues include:
- A local file-include vulnerability
- Multiple arbitrary-script-code-execution vulnerabilities
- Multiple cross-site scripting vulnerabilities
- A URI-redirection vulnerability.
Exploiting these issues can allow attackers to access potentially sensitive information, to execute arbitrary script code in the context of the webserver process, to steal cookie-based authentication credentials, and to redirect users to malicious webpages.
SiteBar 3.3.8 and prior versions are vulnerable.
http://www.example.com/index.php?target=%22%3E%3Cs
Exploit-DB
SiteBar 3.3.8 - 'command.php?Modify User Action uid' Cross-Site Scripting
exploitdb·2007-10-18
---
source: https://www.securityfocus.com/bid/26126/info
SiteBar is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input.
These issues include:
- A local file-include vulnerability
- Multiple arbitrary-script-code-execution vulnerabilities
- Multiple cross-site scripting vulnerabilities
- A URI-redirection vulnerability.
Exploiting these issues can allow attackers to access potentially sensitive information, to execute arbitrary script code in the context of the webserver process, to steal cookie-based authentication credentials, and to redirect users to malicious webpages.
SiteBar 3.3.8 and prior versions are vulnerable.
http://www.example.com/command.p
No writeups or analysis indexed.
References
- http://osvdb.org/41355
- http://osvdb.org/41356
- http://osvdb.org/41357
- http://osvdb.org/41358
- http://osvdb.org/41359
- http://secunia.com/advisories/27503
- http://secunia.com/advisories/28008
- http://securityreason.com/securityalert/3318
- http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup
- http://www.debian.org/security/2007/dsa-1423
- http://www.gentoo.org/security/en/glsa/glsa-200711-05.xml
- http://www.securityfocus.com/archive/1/482499/100/0/threaded
- http://www.securityfocus.com/bid/26126
- http://www.vupen.com/english/advisories/2007/3768
Published: 2007-10-29