CVE-2007-6270
Published 2007-12-07
Priority: P4 18 · medium · CVSS 2.0: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 2.33% (81.4th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) rmore parameter to xlaabsolutenm.aspx and the (2) template parameter to pages/default.aspx.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xigla | absolute_news_manager.net | — | — |
No detection rules found.
Exploit-DB
Absolute News Manager .NET 5.1 - '/pages/default.aspx?template' Cross-Site Scripting
exploitdb·2007-12-04
---
source: https://www.securityfocus.com/bid/26692/info
Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues.
Attackers can exploit these issues to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, obtain sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database.
These issues affect Absolute News Manager .NET 5.1; other versions may also be vulnerable.
http://www.example.com/[CustomerDefinedDir]/pages/?a=1&template=%3Cscript%3Ealert(2)%3C/script%3E
Exploit-DB
Absolute News Manager .NET 5.1 - 'xlaabsolutenm.aspx?rmore' Cross-Site Scripting
exploitdb·2007-12-04
---
source: https://www.securityfocus.com/bid/26692/info
http://www.example.com/[CustomerDefinedDir]/xlaabsolutenm.aspx?z=1,7&sort=articleID&ord=desc&rmore=%3Cscript%3Ealert(1)%3C/script%3
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=119678724111351&w=2
http://osvdb.org/40577
http://osvdb.org/40578
http://secunia.com/advisories/27923
http://www.procheckup.com/Vulnerability_PR07-39.php
http://www.securityfocus.com/bid/26692
http://www.xigla.com/news/default.aspx
https://exchange.xforce.ibmcloud.com/vulnerabilities/38872
https://exchange.xforce.ibmcloud.com/vulnerabilities/38873
Published: 2007-12-07