CVE-2013-0807
Published 2014-03-28
Priority P4 · 22 · medium · CVSS 2.0: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 3.99% (89.2th percentile)
Cross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editing_page.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the section parameter in a new_section action to index.php.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gpeasy | gpeasy_cms | <= 3.5.2 | — |
VulDB
gpEasy CMS up to 3.5.2 NewSectionPrompt section cross site scripting (ID 119805 / EDB-38236)
vuldb·2026-05-09·CVSS 4.3
CVE-2013-0807 [MEDIUM] gpEasy CMS up to 3.5.2 NewSectionPrompt section cross site scripting (ID 119805 / EDB-38236)
A vulnerability, which was classified as problematic, has been found in gpEasy CMS. The affected element is the function NewSectionPrompt. The manipulation of the argument section leads to cross site scripting.
This vulnerability is traded as CVE-2013-0807. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
GHSA
GHSA-r74p-jfg7-phcw: Cross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editing_page
ghsa_unreviewed·2022-05-17
CVE-2013-0807 [MEDIUM] CWE-79 GHSA-r74p-jfg7-phcw: Cross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editing_page
Cross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editing_page.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the section parameter in a new_section action to index.php.
No detection rules found.
Exploit-DB
Microsoft Windows Kernel - 'win32k.sys' Integer Overflow (MS13-101)
exploitdb·2013-12-17·CVSS 6.9
CVE-2013-5058 [MEDIUM] Microsoft Windows Kernel - 'win32k.sys' Integer Overflow (MS13-101)
---
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Divide Error in Windows Kernel
1. *Advisory Information*
Title: Divide Error in Windows Kernel
Advisory ID: CORE-2013-0807
Advisory URL:
http://www.coresecurity.com/advisories/divide-error-in-windows-kernel
Date published: 2013-12-11
Date of last update: 2013-12-11
Vendors contacted: Microsoft
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Integer overflow [CWE-190]
Impact: Denial of service
Remotely Exploitable: No
Locally Exploitable: Yes
CVE Name: CVE-2013-5058
3. *Vulnerability Description*
Windows kernel is prone to a security vulnerability when executing the
(GDI support) function 'RFONTOBJ::bTextExtent' locat
Exploit-DB
gpEasy CMS - 'section' Cross-Site Scripting
exploitdb·2013-01-23
CVE-2013-0807 gpEasy CMS - 'section' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/57522/info
gpEasy CMS is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
gpEasy CMS 3.5.2 and prior versions are vulnerable.
http://www.example.com//?cmd=new_section&section=%22%3%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2013-01/0104.html
http://osvdb.org/89536
http://packetstormsecurity.com/files/119805/gpEasy-3.5.2-Cross-Site-Scripting.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/81472
https://github.com/oyejorge/gpEasy-CMS/commit/40f1b4a5749a621cd27c5ca39900dbcf8701969d
https://www.htbridge.com/advisory/HTB23137
2014-03-28
Published